php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27460 base64_decode fails to follow RFC 3548 completely
Submitted: 2004-03-02 09:43 UTC Modified: 2004-03-06 13:58 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: naish at klanen dot net Assigned:
Status: Closed Package: URL related
PHP Version: 4.3.4 OS: Suse Linux 9.0 (2.4.21)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: naish at klanen dot net
New email:
PHP Version: OS:

 

 [2004-03-02 09:43 UTC] naish at klanen dot net 
Description:
------------
If a base64 encoded string contains a non-needed "=" at the end of the string base64_decode returns false even though the string has been correctly decoded.

The standard for base64 even specifies that a file may contain non-needed padding chars.

http://www.faqs.org/rfcs/rfc3548.html

- snip -
Furthermore, such specifications may consider the pad character, "=", as not part of the base alphabet until the end of the string.  If more than the allowed number of pad characters are found at the end of the string, e.g., a base 64 string terminated with "===", the excess pad characters could be ignored.
- /snip -

The fix is simple. In ext/standard/base64.c insert the following code:

        if (ch == base64_pad) {
                switch(i % 4) {
                case 1:
                        efree(result);
                        return NULL;
                case 2:
                        k++;
                case 3:
                        result[k++] = 0;
                }
        }

in the base64_decode function. Notice that the only thing I did was remove "case 0:" on line 191.

Reproduce code:
---------------
<?php

	$string=base64_encode("123456");

	echo $string."\n";

	//Insert a not-needed padding char.
	$string.="=";

	//This returns false even though $string is valid base64
	var_dump(base64_decode($string));
?>


Expected result:
----------------
$string should been encoded to base64 and later decoded with 1 extra "=" added at the end.



Actual result:
--------------
PHP fails to decode the string properly.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-06 13:58 UTC] iliaa@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 13:01:29 2024 UTC