Bug #52327 [Asn->Csd]: base64_decode() improper handling of leading padding.

Fri, 26 Nov 2010 12:59:43 -0800 

Edit report at http://bugs.php.net/bug.php?id=52327&edit=1

 ID:                 52327
 Updated by:         il...@php.net
 Reported by:        yuri-sevatz at hotmail dot com
 Summary:            base64_decode() improper handling of leading
                     padding.
-Status:             Assigned
+Status:             Closed
 Type:               Bug
 Package:            *Compression related
 Operating System:   ALL
 PHP Version:        5.3.2
 Assigned To:        iliaa
 Block user comment: N
 Private report:     N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed when strict mode is being used.


Previous Comments:
------------------------------------------------------------------------
[2010-11-26 21:59:15] il...@php.net

Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=305779
Log: Fixed bug #52327 (base64_decode() improper handling of leading
padding in strict mode)

------------------------------------------------------------------------
[2010-07-13 11:12:17] yuri-sevatz at hotmail dot com

Description:
------------
According to the MIME standard that we're following, this isn't supposed
to work when strict mode is enabled.  Equal-signs are strictly reserved
for padding characters at the _end_ of a base64 MIME string.



Leading '=' signs are allowed in each block of 4 bytes because the
condition that checks for invalid placement of the '=' signs only checks
if (i % 4) == 1, 



Whereas it should check if (i % 4) is 0 or 1.



You should be able to change the circumstances for a valid '='
placement, as follows, to conform to the standard:



// to see if bit position 2 is set (for all values of i = n*4+2 and i =
n*4+3)

if (i & 2)

    // means that the '=' is in a valid location







I would also suggest *carefully* looking over the block at the end of
the base64_decode() function... as it seems that if (ch == base64_pad)
after ch is ALWAYS set to '\0' is an impossible scenario.

Test script:
---------------
<?php 

echo
base64_decode('=VGhl=ICc9=JyBz=eW1i=b2xz=IGFy=ZW4n=dCBh=bGxv=d2Vk=IHdo=ZXJl=IGkg=cHV0=IHRo=ZW0g=by5P');

?>



Expected result:
----------------
should return FALSE/NULL/Errornous value

Actual result:
--------------
echos:



The '=' symbols aren't allowed where i put them o.O


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52327&edit=1

Reply via email to