On 27/10/2023 08:28, Simon Josefsson wrote:
Pádraig Brady <p...@draigbrady.com> writes:
To give a little more context, this will avoid
round trip issues like the following, by failing early:
$ echo "HelloWorld==" | base64 -d | base64
HelloWorlQ==
Thanks for background and patches! There are use-cases for bad inputs
(both for good and malicious purposes), but I believe these should be
considered corner-cases and agree that the default should be to reject
them.
Right the default operation should be more resilient.
However if there are good use-cases for bad inputs
we may need to adjust this patch,
rather than failing unconditionally.
For example we could just flag non canonical input in the context,
and leave it up to the caller how to deal with that.
It would be good to know an example of good use-cases
for bad inputs though, as I can't think of any.
thanks,
Pádraig.
