|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52327 base64_decode() improper handling of leading padding.
Submitted: 2010-07-13 11:12 UTC Modified: 2010-11-26 21:59 UTC
From: yuri-sevatz at hotmail dot com Assigned: iliaa
Status: Closed Package: *Compression related
PHP Version: 5.3.2 OS: ALL
Private report: No CVE-ID:
 [2010-07-13 11:12 UTC] yuri-sevatz at hotmail dot com
According to the MIME standard that we're following, this isn't supposed to work when strict mode is enabled.  Equal-signs are strictly reserved for padding characters at the _end_ of a base64 MIME string.

Leading '=' signs are allowed in each block of 4 bytes because the condition that checks for invalid placement of the '=' signs only checks if (i % 4) == 1, 

Whereas it should check if (i % 4) is 0 or 1.

You should be able to change the circumstances for a valid '=' placement, as follows, to conform to the standard:

// to see if bit position 2 is set (for all values of i = n*4+2 and i = n*4+3)
if (i & 2)
    // means that the '=' is in a valid location

I would also suggest *carefully* looking over the block at the end of the base64_decode() function... as it seems that if (ch == base64_pad) after ch is ALWAYS set to '\0' is an impossible scenario.

Test script:
echo base64_decode('=VGhl=ICc9=JyBz=eW1i=b2xz=IGFy=ZW4n=dCBh=bGxv=d2Vk=IHdo=ZXJl=IGkg=cHV0=IHRo=ZW0g=by5P');

Expected result:
should return FALSE/NULL/Errornous value

Actual result:

The '=' symbols aren't allowed where i put them o.O


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-26 21:53 UTC]
-Assigned To: +Assigned To: iliaa
 [2010-11-26 21:59 UTC]
Automatic comment from SVN on behalf of iliaa
Log: Fixed bug #52327 (base64_decode() improper handling of leading padding in strict mode)
 [2010-11-26 21:59 UTC]
-Status: Assigned +Status: Closed
 [2010-11-26 21:59 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Fixed when strict mode is being used.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Fri Nov 27 13:01:31 2015 UTC