From b9a0862f48138abcea5663b89fa67fac58be70c5 Mon Sep 17 00:00:00 2001
From: Andrew Ayer <agwa@andrewayer.name>
Date: Wed, 3 May 2017 16:45:06 -0700
Subject: [PATCH] Advisory: base64 heap-based buffer overflow

---
 crates/base64/RUSTSEC-0000-0000.toml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 crates/base64/RUSTSEC-0000-0000.toml

diff --git a/crates/base64/RUSTSEC-0000-0000.toml b/crates/base64/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..65c6e1b
--- /dev/null
+++ b/crates/base64/RUSTSEC-0000-0000.toml
@@ -0,0 +1,19 @@
+[advisory]
+package = "base64"
+patched_versions = [">= 0.5.2"]
+dwf = []
+url = "https://github.com/alicemaz/rust-base64/commit/24ead980daf11ba563e4fb2516187a56a71ad319"
+title = "Integer overflow leads to heap-based buffer overflow in encode_config_buf"
+date = "2017-05-03"
+description = """
+Affected versions of this crate suffered from an integer overflow bug when
+calculating the size of a buffer to use when encoding base64 using the
+`encode_config_buf` and `encode_config` functions.  If the input string
+was large, this would cause a buffer to be allocated that was too small.
+Since this function writes to the buffer using unsafe code, it would
+allow an attacker to write beyond the buffer, causing memory corruption
+and possibly the execution of arbitrary code.
+
+This flaw was corrected by using checked arithmetic to calculate
+the size of the buffer.
+"""