Skip to content

Fix various base64_decode bugs. #1923

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Metabolix wants to merge 6 commits into from
Closed

Fix various base64_decode bugs. #1923

Metabolix wants to merge 6 commits into from

Conversation

@Metabolix
Copy link
Contributor

@Metabolix Metabolix commented May 25, 2016

Fix base64_decode bugs 72264, 72263, 72152, with tests.

This is for PHP-7.0, because the patches don't cleanly apply to PHP-5.6 (which uses char* instead of zend_string).

Metabolix added 6 commits May 25, 2016 22:51
@Metabolix
base64_decode: reorder to fix out of bounds read
505469f
@Metabolix
base64_decode: remove redundant check
637c567 
If length == 0 || *current != '=' is false, the for loop will always
end up in this same point, until the if statement becomes true.
Thus, the if statement is not needed.
@Metabolix
base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)
0893bf1 
This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
@Metabolix
base64_decode: fix bug #72263 (skips char after padding)
8f3cb42
@Metabolix
base64_decode: remove redundant code
12bc5cc 
case 1 is already handled in the first lines of the for loop;
it would only be entered in the invalid case where the string
continues past the defined length (ch != 0 but length-- == 0).

case 2 and case 3 are redundant, since k >= j and later the
string is truncated to j characters anyway.
@Metabolix
base64_decode: fix bug #72264 ('VV= =' shouldn't fail in strict mode)
1d3b16d
@laruence laruence added the Bug label May 28, 2016
@Metabolix
Copy link
Contributor Author

Metabolix commented Jun 29, 2016

Any comments on this? Is there something wrong with the patches?

@nikic
Copy link
Member

nikic commented Jul 1, 2016

I don't think anything's wrong. I'll try to land this on the next week.

@nikic
Copy link
Member

nikic commented Jul 5, 2016

Merged into 7.0 and upwards. Thanks for your thorough work on this!

I think that the FIXME "why do we still allow invalid padding in other places in the middle of the string?" at least should be resolved as well. Padding in the middle of the string really makes no sense.

@nikic nikic closed this Jul 5, 2016
@Metabolix Metabolix deleted the fix-base64-php70 branch July 7, 2016 07:59
This was referenced Jul 7, 2016
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Metabolix @nikic @laruence