PHP :: Bug #27460 :: base64_decode fails to follow RFC 3548 completely

Bug #27460

base64_decode fails to follow RFC 3548 completely

Submitted:

2004-03-02 09:43 UTC

Modified:

2004-03-06 13:58 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

naish at klanen dot net

Assigned:

Status:

Closed

Package:

URL related

PHP Version:

4.3.4

OS:

Suse Linux 9.0 (2.4.21)

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	naish at klanen dot net
New email:
PHP Version:		OS:

New Comment:

[2004-03-02 09:43 UTC] naish at klanen dot net

Description:
------------
If a base64 encoded string contains a non-needed "=" at the end of the string base64_decode returns false even though the string has been correctly decoded.

The standard for base64 even specifies that a file may contain non-needed padding chars.

http://www.faqs.org/rfcs/rfc3548.html

- snip -
Furthermore, such specifications may consider the pad character, "=", as not part of the base alphabet until the end of the string.  If more than the allowed number of pad characters are found at the end of the string, e.g., a base 64 string terminated with "===", the excess pad characters could be ignored.
- /snip -

The fix is simple. In ext/standard/base64.c insert the following code:

        if (ch == base64_pad) {
                switch(i % 4) {
                case 1:
                        efree(result);
                        return NULL;
                case 2:
                        k++;
                case 3:
                        result[k++] = 0;
                }
        }

in the base64_decode function. Notice that the only thing I did was remove "case 0:" on line 191.

Reproduce code:
---------------
<?php

	$string=base64_encode("123456");

	echo $string."\n";

	//Insert a not-needed padding char.
	$string.="=";

	//This returns false even though $string is valid base64
	var_dump(base64_decode($string));
?>


Expected result:
----------------
$string should been encoded to base64 and later decoded with 1 extra "=" added at the end.



Actual result:
--------------
PHP fails to decode the string properly.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-03-06 13:58 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 12:01:31 2024 UTC