From 40e68e1119ed45ed27c586836d4cb9400a96db1c Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Sun, 20 May 2012 16:38:57 +0100
Subject: [PATCH] [base64] Avoid overrunning input data buffer

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/core/base64.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/core/base64.c b/src/core/base64.c
index 7514c1fac..761b42f27 100644
--- a/src/core/base64.c
+++ b/src/core/base64.c
@@ -54,11 +54,16 @@ void base64_encode ( const uint8_t *raw, size_t len, char *encoded ) {
 	uint8_t *encoded_bytes = ( ( uint8_t * ) encoded );
 	size_t raw_bit_len = ( 8 * len );
 	unsigned int bit;
+	unsigned int byte;
+	unsigned int shift;
 	unsigned int tmp;
 
 	for ( bit = 0 ; bit < raw_bit_len ; bit += 6 ) {
-		tmp = ( ( raw_bytes[ bit / 8 ] << ( bit % 8 ) ) |
-			( raw_bytes[ bit / 8 + 1 ] >> ( 8 - ( bit % 8 ) ) ) );
+		byte = ( bit / 8 );
+		shift = ( bit % 8 );
+		tmp = ( raw_bytes[byte] << shift );
+		if ( ( byte + 1 ) < len )
+			tmp |= ( raw_bytes[ byte + 1 ] >> ( 8 - shift ) );
 		tmp = ( ( tmp >> 2 ) & 0x3f );
 		*(encoded_bytes++) = base64[tmp];
 	}