fix: base64_decode may consume invalid fourth symbol without rejecting#170
Open
mbtools wants to merge 1 commit intodcodeIO:mainfrom
Open
fix: base64_decode may consume invalid fourth symbol without rejecting#170mbtools wants to merge 1 commit intodcodeIO:mainfrom
base64_decode may consume invalid fourth symbol without rejecting#170mbtools wants to merge 1 commit intodcodeIO:mainfrom
Conversation
mbtools
changed the title
base64_decode may consume invalid fourth symbol without rejectingbase64_decode may consume invalid fourth symbol without rejecting
Author
|
There are fairly limited tests in this repo. Let me know if you want me to add some for |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
base64_decodedid not reject an invalid fourth Base64 character in a 4-character sequence. That let decoding continue and mix -1 into the output byte instead of stopping, so malformed input could yield wrong bytes instead of a clean abort.Bug
For
c1,c2, andc3, the code already breaks when the lookup is-1. After readingc4, there was no equivalent check. An invalid fourth symbol setc4to-1, but the code still rano |= c4, corrupting the computed byte and accepting input that should be invalid.Fix
After resolving
c4from the input, addif (c4 == -1) break;so invalid fourth symbols match the behavior for the other symbols and decoding stops without emitting a bad byte.Severity
Medium — Incorrect bytes from bad Base64 can affect correctness of anything that depends on this decoder (e.g. salt/hash parsing). Risk is mainly when input is untrusted or malformed; aligned with treating strict decoding as important in a crypto-related path.