From 1e6826790d3a0b69e810493048e3b12c6da2f454 Mon Sep 17 00:00:00 2001
From: Yue Du
Date: Tue, 15 Dec 2015 20:42:55 +0800
Subject: [PATCH] Check padding char

---
 setup.py | 2 +-
 xxtea.c | 30 +++++++++++++++++++++---------
 2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/setup.py b/setup.py
index 2d84436..b4d90a0 100644
--- a/setup.py
+++ b/setup.py
@@ -1,7 +1,7 @@
 from setuptools import setup, Extension
 import os
 
-VERSION = "1.0.1"
+VERSION = "1.0.2"
 
 if os.name == 'posix':
 extra_compile_args = [
diff --git a/xxtea.c b/xxtea.c
index f3511d5..e3425f3 100644
--- a/xxtea.c
+++ b/xxtea.c
@@ -129,7 +129,7 @@ static int bytes2longs(const char *in, int inlen, uint32_t *out, int padding)
 
 static int longs2bytes(uint32_t *in, int inlen, char *out, int padding)
 {
- int i, pad = 0;
+ int i, outlen, pad;
 unsigned char *s;
 
 s = (unsigned char *)out;
@@ -141,21 +141,33 @@ static int longs2bytes(uint32_t *in, int inlen, char *out, int padding)
 s[4 * i + 3] = (in[i] >> 24) & 0xFF;
 }
 
- i <<= 2;
+ outlen = inlen * 4;
 
 /* PKCS#7 unpadding */
 if (padding) {
- pad = s[i - 1];
- i -= pad;
- }
+ pad = s[outlen - 1];
+ outlen -= pad;
+
+ if (pad < 1 || pad > 8) {
+ /* invalid padding */
+ return -1;
+ }
+
+ if (outlen < 0) {
+ return -2;
+ }
 
- if (i >= 0 && i <= inlen << 2) {
- s[i] = '\0';
+ for (i = outlen; i < inlen * 4; i++) {
+ if (s[i] != pad) {
+ return -3;
+ }
+ }
 }
 
+ s[outlen] = '\0';
+
 /* How many bytes we've got */
- /* Negative means errors */
- return pad < 0 ? pad : i;
+ return outlen;
 }
 
 /*****************************************************************************
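Review bot: In the last xxtea.c hunk, `pad = s[outlen - 1];` still reads one byte before the buffer when `inlen` is 0, because none of the new checks run until after that read. Unless every caller rejects empty input (not visible here), add `if (outlen < 1) { return -1; }` as the first statement inside `if (padding)`. The commit also removes the "Negative means errors" comment while introducing three distinct negative returns, so the comment above the final return should document -1, -2 and -3. Callers should map all three to a single generic failure, since XXTEA has no integrity check of its own and distinguishable padding errors tell the sender of a ciphertext which check failed. `longs2bytes` begins above this hunk, and `s[outlen] = '\0';` is now unconditional, so `out` must hold `inlen * 4 + 1` bytes when `padding` is 0.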