php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #76291 Sodium Base64 no padding variants throw an excepting when decoding
Submitted: 2018-05-02 01:27 UTC Modified: 2018-11-09 11:43 UTC
From: james at lucas dot net dot au Assigned: cmb (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: 7.2.5 OS: MacOSX 10.11
Private report: No CVE-ID: None
View Developer Edit
 [2018-05-02 01:27 UTC] james at lucas dot net dot au 
Description:
------------
sodium_base642bin is unable to decode the base64 when using the no padding variants. This can be shown quickly by passing the output from the sodium_bin2base64 no padding variants directly to the base642bin

Configure Command =>  './configure'  '--prefix=/usr/local/Cellar/php/7.2.5' '--localstatedir=/usr/local/var' '--sysconfdir=/usr/local/etc/php/7.2' '--with-config-file-path=/usr/local/etc/php/7.2' '--with-config-file-scan-dir=/usr/local/etc/php/7.2/conf.d' '--with-pear=/usr/local/Cellar/php/7.2.5/share/php/pear' '--enable-bcmath' '--enable-calendar' '--enable-dba' '--enable-dtrace' '--enable-exif' '--enable-ftp' '--enable-fpm' '--enable-intl' '--enable-mbregex' '--enable-mbstring' '--enable-mysqlnd' '--enable-opcache-file' '--enable-pcntl' '--enable-phpdbg' '--enable-phpdbg-webhelper' '--enable-shmop' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-wddx' '--enable-zip' '--with-apxs2=/usr/local/opt/httpd/bin/apxs' '--with-bz2' '--with-fpm-user=_www' '--with-fpm-group=_www' '--with-freetype-dir=/usr/local/opt/freetype' '--with-gd' '--with-gettext=/usr/local/opt/gettext' '--with-gmp=/usr/local/opt/gmp' '--with-icu-dir=/usr/local/opt/icu4c' '--with-jpeg-dir=/usr/local/opt/jpeg' '--with-kerberos' '--with-layout=GNU' '--with-ldap' '--with-ldap-sasl' '--with-libedit' '--with-libzip' '--with-mhash' '--with-mysql-sock=/tmp/mysql.sock' '--with-mysqli=mysqlnd' '--with-ndbm' '--with-openssl=/usr/local/opt/openssl' '--with-password-argon2=/usr/local/opt/argon2' '--with-pdo-dblib=/usr/local/opt/freetds' '--with-pdo-mysql=mysqlnd' '--with-pdo-odbc=unixODBC,/usr/local/opt/unixodbc' '--with-pdo-pgsql=/usr/local/opt/libpq' '--with-pgsql=/usr/local/opt/libpq' '--with-pic' '--with-png-dir=/usr/local/opt/libpng' '--with-pspell=/usr/local/opt/aspell' '--with-sodium=/usr/local/opt/libsodium' '--with-unixODBC=/usr/local/opt/unixodbc' '--with-webp-dir=/usr/local/opt/webp' '--with-xmlrpc' '--with-xsl' '--with-zlib' '--with-curl'

sodium

sodium support => enabled
libsodium headers version => 1.0.16
libsodium library version => 1.0.16

Test script:
---------------
<?php

$variants = [ 'SODIUM_BASE64_VARIANT_ORIGINAL' => SODIUM_BASE64_VARIANT_ORIGINAL, 'SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING' => SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, 'SODIUM_BASE64_VARIANT_URLSAFE' => SODIUM_BASE64_VARIANT_URLSAFE, 'SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING' => SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING ];

foreach($variants as $variant => $flag)
{
  try {
    $base64 = sodium_bin2base64("abcd", $flag);
    echo $variant . " base64: " . $base64 . "\n";
    echo $variant . ": " . sodium_base642bin($base64, $flag) . "\n";
  } catch (SodiumException $ex) {
    echo $variant . ": " . $ex->getMessage() . "\n"; 
  }
}

Expected result:
----------------
SODIUM_BASE64_VARIANT_ORIGINAL base64: YWJjZA==
SODIUM_BASE64_VARIANT_ORIGINAL: abcd
SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING base64: YWJjZA
SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING: abcd
SODIUM_BASE64_VARIANT_URLSAFE base64: YWJjZA==
SODIUM_BASE64_VARIANT_URLSAFE: abcd
SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING base64: YWJjZA
SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING: abcd

Actual result:
--------------
SODIUM_BASE64_VARIANT_ORIGINAL base64: YWJjZA==
SODIUM_BASE64_VARIANT_ORIGINAL: abcd
SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING base64: YWJjZA
SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING: invalid base64 string
SODIUM_BASE64_VARIANT_URLSAFE base64: YWJjZA==
SODIUM_BASE64_VARIANT_URLSAFE: abcd
SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING base64: YWJjZA
SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING: invalid base64 string

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-05-02 10:08 UTC] james at lucas dot net dot au 
This has been fixed upstream with https://github.com/jedisct1/libsodium-php/commit/615bf793623eb3ae0d20cf407153f2d7e2aef9b5
 [2018-05-02 11:56 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2018-05-02 11:56 UTC] cmb@php.net 
> This has been fixed upstream […]

Great!  Therefore, this is not a PHP issue, though.
 [2018-05-02 12:31 UTC] nikic@php.net
-Status: Not a bug +Status: Re-Opened -Assigned To: cmb +Assigned To:
 [2018-05-02 12:31 UTC] nikic@php.net 
Upstream as in the PECL sodium extension, not libsodium. I think we should keep this open until the change is merged into php-src.
 [2018-07-28 04:14 UTC] james at lucas dot net dot au 
How do we request that this patch upstream is applied to php-src?
 [2018-11-09 03:28 UTC] james at lucas dot net dot au 
Fixed in 7.2.12

https://github.com/php/php-src/commit/15ba7df2245ac177a965346e7ec96a4ab3300839#diff-720e9e05fb7cbb4e6c32bea75f28b5b6
 [2018-11-09 11:43 UTC] cmb@php.net
-Status: Re-Opened +Status: Closed -Assigned To: +Assigned To: cmb
 [2018-11-09 11:43 UTC] cmb@php.net 
So this ticket can be closed now.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Oct 25 01:00:01 2025 UTC