php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27460 base64_decode fails to follow RFC 3548 completely
Submitted: 2004-03-02 09:43 UTC Modified: 2004-03-06 13:58 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: naish at klanen dot net Assigned:
Status: Closed Package: URL related
PHP Version: 4.3.4 OS: Suse Linux 9.0 (2.4.21)
Private report: No CVE-ID:
 [2004-03-02 09:43 UTC] naish at klanen dot net
Description:
------------
If a base64 encoded string contains a non-needed "=" at the end of the string base64_decode returns false even though the string has been correctly decoded.

The standard for base64 even specifies that a file may contain non-needed padding chars.

http://www.faqs.org/rfcs/rfc3548.html

- snip -
Furthermore, such specifications may consider the pad character, "=", as not part of the base alphabet until the end of the string.  If more than the allowed number of pad characters are found at the end of the string, e.g., a base 64 string terminated with "===", the excess pad characters could be ignored.
- /snip -

The fix is simple. In ext/standard/base64.c insert the following code:

        if (ch == base64_pad) {
                switch(i % 4) {
                case 1:
                        efree(result);
                        return NULL;
                case 2:
                        k++;
                case 3:
                        result[k++] = 0;
                }
        }

in the base64_decode function. Notice that the only thing I did was remove "case 0:" on line 191.

Reproduce code:
---------------
<?php

	$string=base64_encode("123456");

	echo $string."\n";

	//Insert a not-needed padding char.
	$string.="=";

	//This returns false even though $string is valid base64
	var_dump(base64_decode($string));
?>


Expected result:
----------------
$string should been encoded to base64 and later decoded with 1 extra "=" added at the end.



Actual result:
--------------
PHP fails to decode the string properly.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-06 13:58 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 10:03:03 2014 UTC