diff options
author | Lauri Kenttä <lauri.kentta@gmail.com> | 2016-05-25 22:06:42 +0300 |
---|---|---|
committer | Nikita Popov <nikic@php.net> | 2016-07-07 01:27:23 +0200 |
commit | 3104759915aaeb3c42e596b72eb9d9c542005dcd (patch) | |
tree | a4181241f4974888217ff551849c5cbb1374e664 /ext/standard/base64.c | |
parent | 0259459486dd50b30b97392f6fc8085e7bba772e (diff) | |
download | php-git-3104759915aaeb3c42e596b72eb9d9c542005dcd.tar.gz |
base64_decode: fix bug #72264 ('VV= =' shouldn't fail in strict mode)
Diffstat (limited to 'ext/standard/base64.c')
-rw-r--r-- | ext/standard/base64.c | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/ext/standard/base64.c b/ext/standard/base64.c index dc3e52071b..d625dc0752 100644 --- a/ext/standard/base64.c +++ b/ext/standard/base64.c @@ -136,7 +136,7 @@ PHPAPI zend_string *php_base64_decode(const unsigned char *str, size_t length) / PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length, zend_bool strict) /* {{{ */ { const unsigned char *current = str; - int ch, i = 0, j = 0; + int ch, i = 0, j = 0, padding = 0; zend_string *result; result = zend_string_alloc(length, 0); @@ -155,26 +155,26 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length zend_string_free(result); return NULL; } - if (length > 0 && *current != '=' && strict) { - while (length > 0 && isspace(*current)) { - current++; - length--; - } - if (length == 0 || *current == '\0') { - continue; - } - zend_string_free(result); - return NULL; - } + padding++; continue; } ch = base64_reverse_table[ch]; - if ((!strict && ch < 0) || ch == -1) { /* a space or some other separator character, we simply skip over */ - continue; - } else if (ch == -2) { - zend_string_free(result); - return NULL; + if (!strict) { + /* skip unknown characters and whitespace */ + if (ch < 0) { + continue; + } + } else { + /* skip whitespace */ + if (ch == -1) { + continue; + } + /* fail on bad characters or if any data follows padding */ + if (ch == -2 || padding) { + zend_string_free(result); + return NULL; + } } switch(i % 4) { |