From 653950434cfe80b5aacfd333196248f692d1a5ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= <des@des.no>
Date: Thu, 19 Mar 2015 00:42:58 +0000
Subject: [PATCH] Fully fix the input overflow bug and add a test case for it.

git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@861 185d5e19-27fe-0310-9dcf-9bff6b9f3609
---
 lib/liboath/oath_uri_decode.c |  1 -
 t/t_rfc3986.c                 | 21 +++++++++++++++++----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/lib/liboath/oath_uri_decode.c b/lib/liboath/oath_uri_decode.c
index c9d8acc..b859aa9 100644
--- a/lib/liboath/oath_uri_decode.c
+++ b/lib/liboath/oath_uri_decode.c
@@ -63,7 +63,6 @@ oath_uri_decode(const char *in, size_t ilen, char *out, size_t olen)
 			if (out != NULL && opos < olen - 1)
 				out[opos] = unhex(in[ipos + 1]) * 16 +
 				    unhex(in[ipos + 2]);
-			ilen += 2;
 			ipos += 2;
 		} else {
 			if (out != NULL && opos < olen - 1)
diff --git a/t/t_rfc3986.c b/t/t_rfc3986.c
index ccf2776..16e8ba9 100644
--- a/t/t_rfc3986.c
+++ b/t/t_rfc3986.c
@@ -54,16 +54,26 @@ struct t_case {
 };
 
 /* basic encoding / decoding */
-#define T_ENCODE4(d, i, il, o, ol)					\
+#define T_ENCODE6(d, i, il, o, ol)					\
 	{ .func = oath_uri_encode, .desc = d,				\
 	  .in = i, .ilen = il, .out = o, .olen = ol }
+#define T_ENCODE5(d, i, il, o, ol)					\
+	T_ENCODE6(d, i, il, o, ol)
+#define T_ENCODE4(d, i, il, o)						\
+	T_ENCODE5(d, i, il, o, sizeof o)
 #define T_ENCODE(d, i, o)						\
-	T_ENCODE4(d, i, sizeof(i) - 1, o, sizeof(o))
-#define T_DECODE4(d, i, il, o, ol)					\
+	T_ENCODE4(d, i, sizeof i - 1, o)
+
+#define T_DECODE6(d, i, il, o, ol)					\
 	{ .func = oath_uri_decode, .desc = d,				\
 	  .in = i, .ilen = il, .out = o, .olen = ol }
+#define T_DECODE5(d, i, il, o, ol)					\
+	T_DECODE6(d, i, il, o, ol)
+#define T_DECODE4(d, i, il, o)						\
+	T_DECODE5(d, i, il, o, sizeof o)
 #define T_DECODE(d, i, o)						\
-	T_DECODE4(d, i, sizeof(i) - 1, o, sizeof(o))
+	T_DECODE4(d, i, sizeof i - 1, o)
+
 #define T_ENCDEC(d, i, o)						\
 	T_ENCODE(d " enc", i, o), T_DECODE(d " dec", o, i)
 
@@ -77,6 +87,9 @@ static struct t_case t_cases[] = {
 	T_DECODE("suffix",		"%20x",		" x"),
 	T_DECODE("surrounded",		"x%20x",	"x x"),
 
+	/* input overflow */
+	T_DECODE4("short",		"%20xy", 4,	" x"),
+
 	/* partials */
 	T_DECODE("partial, one",	"%",		"%"),
 	T_DECODE("partial, two",	"%2",		"%2"),