Created attachment 1163869
simple demo of incorrect result by copying static function into standalone program
Description of problem:
base64_decode_value() in rpmio/base64.c incorrectly uses > instead of >= when bounds-checking the array. This leads to base64_decode_value(123) returning a garbage value rather than -1.
Version-Release number of selected component (if applicable):
Present in all versions.
Steps to Reproduce:
Attached file demonstrates the function's incorrect result (should be -1, result is instead arbitrary).
See upstream bug https://github.com/rpm-software-management/rpm/pull/68
Originally disclosed by firstname.lastname@example.org to secalert@ as a potential security issue.
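The off-by-one described in this report, as an added example that is not rpm's own code and not the reporter's attachment. It assumes a lookup table covering the 80 bytes '+' (43) through 'z' (122), indexed by value_in - 43, which is consistent with byte 123 being the first one past the end; the table contents and the names accepts_with_gt, accepts_with_ge and decode_value_fixed are constructed for illustration.

```c
#include <stdio.h>

/* Constructed table for the 80 bytes '+' (43) .. 'z' (122):
 * -1 = not in the alphabet, -2 = '=' padding. */
static const int decoding[] = {
    62, -1, -1, -1, 63,                                  /* + , - . / */
    52, 53, 54, 55, 56, 57, 58, 59, 60, 61,              /* 0-9 */
    -1, -1, -1, -2, -1, -1, -1,                          /* : ; < = > ? @ */
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,            /* A-M */
    13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,  /* N-Z */
    -1, -1, -1, -1, -1, -1,                              /* six bytes between Z and a */
    26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,  /* a-m */
    39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51   /* n-z */
};
#define TABLE_LEN (sizeof(decoding) / sizeof(decoding[0]))

/* Check as described in the report: '>' lets index == TABLE_LEN through. */
static int accepts_with_gt(unsigned char value_in)
{
    value_in -= 43;
    return !(value_in > TABLE_LEN);
}

/* Corrected check: '>=' rejects every index past the last entry. */
static int accepts_with_ge(unsigned char value_in)
{
    value_in -= 43;
    return !(value_in >= TABLE_LEN);
}

/* Decoder with the corrected check; it never reads outside the table. */
static int decode_value_fixed(unsigned char value_in)
{
    value_in -= 43; /* bytes below '+' wrap to large values and are rejected */
    if (value_in >= TABLE_LEN)
        return -1;
    return decoding[value_in];
}

int main(void)
{
    /* 122 ('z') is the last valid byte; 123 maps to index 80, one past the end. */
    for (int c = 122; c <= 124; c++)
        printf("byte %d: '>' accepts=%d  '>=' accepts=%d  fixed decode=%d\n",
               c, accepts_with_gt((unsigned char)c),
               accepts_with_ge((unsigned char)c), decode_value_fixed((unsigned char)c));
    return 0;
}
```

The example only evaluates the two comparisons for byte 123 and never performs the out-of-bounds read itself, so it runs cleanly under sanitizers.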
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.