Skip to content

Commit

Permalink
func_aes: fix misuse of strlen on binary data
Browse files Browse the repository at this point in the history 
The encryption code for AES_ENCRYPT evaluates the length of the data to
be encoded in base64 using strlen. The data is binary, thus the length
of it can be underestimated at the first NULL character.
Reuse the write pointer offset to evaluate it, instead.

ASTERISK-25857 #close

Change-Id: If686b5d570473eb926693c73461177b35b13b186
  • Loading branch information
@giangi @rmudgett9125
giangi authored and rmudgett9125 committed Mar 19, 2016
1 parent 4aaf8f2 commit 8f94f94
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion funcs/func_aes.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ static int aes_helper(struct ast_channel *chan, const char *cmd, char *data,
}

if (encrypt) { /* if encrypting encode result to base64 */
ast_base64encode(buf, (unsigned char *) tmp, strlen(tmp), len);
ast_base64encode(buf, (unsigned char *) tmp, tmpP - tmp, len);
} else {
memcpy(buf, tmp, len);
}
Expand Down

0 comments on commit 8f94f94

Please sign in to comment.