mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 15:48:49 -05:00
base64: Added basic validation to base64 input string when decoding
A base64 string should be a multiple of 4 characters in length, not contain any more than 2 padding characters and only contain padding characters at the end of string. For example: Y3VybA== Strings such as the following are considered invalid: Y= - Invalid length Y== - Invalid length Y=== - More than two padding characters Y=x= - Padding character contained within string
This commit is contained in:
parent
7d1eb66cd7
commit
e17c1b25bc
19
lib/base64.c
19
lib/base64.c
@ -82,6 +82,7 @@ static void decodeQuantum(unsigned char *dest, const char *src)
|
||||
CURLcode Curl_base64_decode(const char *src,
|
||||
unsigned char **outptr, size_t *outlen)
|
||||
{
|
||||
size_t srcLen = 0;
|
||||
size_t length = 0;
|
||||
size_t equalsTerm = 0;
|
||||
size_t i;
|
||||
@ -92,21 +93,31 @@ CURLcode Curl_base64_decode(const char *src,
|
||||
|
||||
*outptr = NULL;
|
||||
*outlen = 0;
|
||||
srcLen = strlen(src);
|
||||
|
||||
/* Check the length of the input string is valid */
|
||||
if(!srcLen || srcLen % 4)
|
||||
return CURLE_BAD_CONTENT_ENCODING;
|
||||
|
||||
/* Find the position of any = padding characters */
|
||||
while((src[length] != '=') && src[length])
|
||||
length++;
|
||||
|
||||
/* A maximum of two = padding characters is allowed */
|
||||
if(src[length] == '=') {
|
||||
equalsTerm++;
|
||||
if(src[length+equalsTerm] == '=')
|
||||
equalsTerm++;
|
||||
}
|
||||
|
||||
/* Check the = padding characters weren't part way through the input */
|
||||
if(length + equalsTerm != srcLen)
|
||||
return CURLE_BAD_CONTENT_ENCODING;
|
||||
|
||||
/* Calculate the number of quantums */
|
||||
numQuantums = (length + equalsTerm) / 4;
|
||||
|
||||
/* Don't allocate a buffer if the decoded length is 0 */
|
||||
if(numQuantums == 0)
|
||||
return CURLE_OK;
|
||||
|
||||
/* Calculate the size of the decoded string */
|
||||
rawlen = (numQuantums * 3) - equalsTerm;
|
||||
|
||||
/* The buffer must be large enough to make room for the last quantum
|
||||
|
@ -104,11 +104,27 @@ fail_unless(size == 1, "size should be 1");
|
||||
verify_memory(decoded, "i", 2);
|
||||
Curl_safefree(decoded);
|
||||
|
||||
/* this is an illegal input */
|
||||
/* This is illegal input as the data is too short */
|
||||
size = 1; /* not zero */
|
||||
decoded = &anychar; /* not NULL */
|
||||
rc = Curl_base64_decode("aQ", &decoded, &size);
|
||||
/* return code indiferent, but output shall be as follows */
|
||||
fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING");
|
||||
fail_unless(size == 0, "size should be 0");
|
||||
fail_if(decoded, "returned pointer should be NULL");
|
||||
|
||||
/* This is illegal input as it contains three padding characters */
|
||||
size = 1; /* not zero */
|
||||
decoded = &anychar; /* not NULL */
|
||||
rc = Curl_base64_decode("a===", &decoded, &size);
|
||||
fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING");
|
||||
fail_unless(size == 0, "size should be 0");
|
||||
fail_if(decoded, "returned pointer should be NULL");
|
||||
|
||||
/* This is illegal input as it contains a padding character mid input */
|
||||
size = 1; /* not zero */
|
||||
decoded = &anychar; /* not NULL */
|
||||
rc = Curl_base64_decode("a=Q=", &decoded, &size);
|
||||
fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING");
|
||||
fail_unless(size == 0, "size should be 0");
|
||||
fail_if(decoded, "returned pointer should be NULL");
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user