[Botan-devel] Re: Fwd: 1.6.0 Base64_Decoder doesn't handle trailing equals signs in IGNORE_WS or FULL_CHECK mode

Jack Lloyd lloyd at randombit.net
Mon Jan 8 04:16:10 EST 2007


Ummmm... oops? Problem is that Base64_Decoder::is_valid('=') returns
false (since otherwise it would be decoded and used for output, which
is not what we want). New version of handle_bad_char which fixes both
problems: 

void Base64_Decoder::handle_bad_char(byte c)
   {
   if(c == '=' || checking == NONE)
      return;

   if((checking == IGNORE_WS) && Charset::is_space(c))
      return;

   throw Decoding_Error(
      std::string("Base64_Decoder: Invalid base64 character '") + (char)c + "'"
      );
   }

This will cause the decoder to ignore extra equals signs that can be
included anywhere, rather than just at the end which is the only place
they are supposed to be, though I doubt that will bother too many
people in practice.

Fix will be in 1.6.1. Thanks for the report.

BTW, the mail list descriptions now mention that subscription is
needed to post. Bugzilla is still broken, though.

-Jack

On Sun, Jan 07, 2007 at 12:54:12AM -0800, Zack Weinberg wrote:
> ---------- Forwarded message ----------
> From: "Zack Weinberg" <zackw at panix.com>
> To: botan-devel at randombit.net
> Date: Sun, 7 Jan 2007 00:47:38 -0800
> Subject: 1.6.0 Base64_Decoder doesn't handle trailing equals signs in
> IGNORE_WS or FULL_CHECK mode
> I noticed today that, although Base64_Encoder emits the RFC-specified
> equals signs at the end of  an encoded stream when the input is not a
> multiple of three bytes long, Base64_Decoder doesn't handle them at
> all.  If you put the decoder into any checking mode other than NONE,
> it throws Decode_Error on the first equals sign.  I looked a little at
> fixing this but I don't understand the filter classes well enough to
> do it properly.
> 
> I also noticed a minor bug in the formation of the diagnostic:
> 
> -    throw Decoding_Error("Base64_Decoder: Invalid base64 character: " + c);
> +   throw Decoding_Error(
> +           std::string("Base64_Decoder: Invalid base64 character: ")
> +           + char(c));
> 
> the former is perfectly valid C(++) but does not do what was meant.
> 
> zw



More information about the botan-devel mailing list