php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #64162 Extra characters added to base64_decode() output
Submitted: 2013-02-06 11:10 UTC Modified: 2013-02-06 21:40 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: rob at neovidamedia dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: Irrelevant OS: Windows 7
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: rob at neovidamedia dot com
New email:
PHP Version: OS:

 

 [2013-02-06 11:10 UTC] rob at neovidamedia dot com 
Description:
------------
---
From manual page: http://www.php.net/function.base64-decode
---

Run this code, and notice the output for 'Decoded' -- it looks the same as 
'Original', but it is not.  Select it (the result), copy it, and paste it into 
notepad or something, and you will see a bonus character at the end.

It seems to be related to the string length of $a, and the fact that it contains 
a 
number at its end, but I could be wrong.  I ran about one hundred different 
scenario tests, and got some funky results.

PS - I am running PHP 5.2.17, but that is what my host offers.  Don't think I 
can upgrade on my own ...

Test script:
---------------
$a = "Proteussing88";

function randLetter()
    {
    $int = rand(0,61);
    $a_z = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
    $rand_letter = $a_z[$int];
    return $rand_letter;
    }
$pass = randLetter() . base64_encode($a) . randLetter() . randLetter() . randLetter();

$db_pass = base64_decode(substr($pass, 1, (strlen($pass) - 2)));
$final = substr($db_pass, 0, (strlen($db_pass) - 1));

echo 'Original: ' . $a . '<br />Encoded: ' . $pass . '<br />Decoded: ' . $final;

Expected result:
----------------
The visual result is fine, but in the background a special character is being 
added to the final string variable.

Actual result:
--------------
The final string variable looks right, but only in a browser.  Paste it into 
notepad or any other text editor, and you get an unexpected special character at 
its end.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-02-06 15:52 UTC] bobwei9 at hotmail dot com 
Effectively. On PHP 5.3 there is a byte with \x02 and on trunk \x07...

Alone this difference must be a bug...
 [2013-02-06 16:00 UTC] bobwei9 at hotmail dot com 
But whatever; there is also an error in your script:

$final = base64_decode(substr($pass, 1, (strlen($pass) - 4)));

would be right.
____

However, somewhere between 5.3.15 and trunk, base64_decode()-handling of invalid characters (after the last =) has changed...
 [2013-02-06 16:02 UTC] rasmus@php.net 
You can't arbitrarily add random characters to the base64-encoded string and 
expect to get sensible output. You are adding 1 char before and 3 after to your 
encoded string, but then you do base64_decode(substr($pass, 1, (strlen($pass) - 
2))) meaning you only remove 2 of those appended chars before you decode. Make 
that strlen()-3 and your problems go away. The fact that it differs across 
versions is irrelevant since you are not passing in a valid base64 encoded 
string.
 [2013-02-06 16:02 UTC] rasmus@php.net
-Status: Open +Status: Not a bug
 [2013-02-06 21:40 UTC] rob at neovidamedia dot com 
Actually, the code I have written works in most instances.  There are a handful 
that don't work, such as the sample that I have provided ($a = 
"Proteussing88";).  As per substr(): strlen will give you the length of a string 
where the first character is character 1 -- in substr() positions start with the 
first character being in position 0 (like an array).  Hence, I don't think that 
I have to remove 2 characters, or 4.  I could be wrong as I am not an expert 
professional, but I have consulted a couple of other programmers, both of whom 
are much better than I, and they can't solve this either.

Believe me, this code works 95%+ of the time.  Please refer to this part of the 
description:

"It seems to be related to the string length of $a, and the fact that it 
contains a number at its end, but I could be wrong."

Also, I upgraded PHP to 5.3 and this piece of code still failed.

As far as I can tell this is still a bug.
 [2013-02-18 14:15 UTC] anon at anon dot anon 
>I have consulted a couple of other programmers, both of whom are much better than I

Christ. Anyone is better than you.

Charles Babbage in 1864 gave us this quote regarding his design for the first mechanical calculator: "On two occasions I have been asked,—'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?'...I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."

I'm wondering the same thing as Babbage. You're giving base64_decode additional nonsense bytes, which by your very admission are chosen at random, then you have the audacity to blame it for not contorting those random bytes into the right answers.

>As far as I can tell this is still a bug.

Are you suggesting base64_decode be programmed with magic?

CHOP THE BYTES OFF YOU MORON (as @bobwei9 explained).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 19:01:28 2024 UTC