From ac9e3ba677232fc37db7251fe9de33ed96dbcd6d Mon Sep 17 00:00:00 2001
From: Daren Hayward <54070183+darhaywa@users.noreply.github.com>
Date: Thu, 23 Mar 2023 15:36:02 +0000
Subject: [PATCH] b64: lws_b64_decode_stateful truncates response

Addresses issue #2855 by allowing the parsing of the final byte when there are at least 3 bytes remaining in the buffer.

For every 4 bytes of input, a maximum of 3 bytes of output are generated when decoding the base64 string. The buffer space, therefore, only requires an additional 3 bytes of space. The code checks for space in the buffer before adding null termination.
---
 lib/misc/base64-decode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/misc/base64-decode.c b/lib/misc/base64-decode.c
index 9d18b33fc..332e91dfb 100644
--- a/lib/misc/base64-decode.c
+++ b/lib/misc/base64-decode.c
@@ -113,7 +113,7 @@ lws_b64_decode_stateful(struct lws_b64state *s, const char *in, size_t *in_len,
 	const char *orig_in = in, *end_in = in + *in_len;
 	uint8_t *orig_out = out, *end_out = out + *out_size;
 
-	while (in < end_in && *in && out + 4 < end_out) {
+	while (in < end_in && *in && out + 3 <= end_out) {
 
 		for (; s->i < 4 && in < end_in && *in; s->i++) {
 			uint8_t v;