iliaa Wed Jan 21 15:45:31 2009 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard base64.c /php-src NEWS Log: MFB: Fixed bug #47174 (base64_decode() interprets pad char in mid string as terminator) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/base64.c?r1=1.43.2.2.2.5&r2=1.43.2.2.2.6&diff_format=u Index: php-src/ext/standard/base64.c diff -u php-src/ext/standard/base64.c:1.43.2.2.2.5 php-src/ext/standard/base64.c:1.43.2.2.2.6 --- php-src/ext/standard/base64.c:1.43.2.2.2.5 Wed Dec 31 11:17:44 2008 +++ php-src/ext/standard/base64.c Wed Jan 21 15:45:29 2009 @@ -15,7 +15,7 @@ | Author: Jim Winstead <j...@php.net> | +----------------------------------------------------------------------+ */ -/* $Id: base64.c,v 1.43.2.2.2.5 2008/12/31 11:17:44 sebastian Exp $ */ +/* $Id: base64.c,v 1.43.2.2.2.6 2009/01/21 15:45:29 iliaa Exp $ */ #include <string.h> @@ -153,7 +153,14 @@ /* run through the whole string, converting as we go */ while ((ch = *current++) != '\0' && length-- > 0) { - if (ch == base64_pad) break; + if (ch == base64_pad) { + if (*current != '=' && (i % 4) == 1) { + efree(result); + return NULL; + } + i++; + continue; + } ch = base64_reverse_table[ch]; if ((!strict && ch < 0) || ch == -1) { /* a space or some other separator character, we simply skip over */ http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1399&r2=1.2027.2.547.2.1400&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1399 php-src/NEWS:1.2027.2.547.2.1400 --- php-src/NEWS:1.2027.2.547.2.1399 Wed Jan 21 10:15:42 2009 +++ php-src/NEWS Wed Jan 21 15:45:29 2009 @@ -17,6 +17,8 @@ - Fixed bug in xml_error_string() which resulted in messages being off by one. (Scott) +- Fixed bug #47174 (base64_decode() interprets pad char in mid string as + terminator). (Ilia) - Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry) - Fixed bug #47152 (gzseek/fseek using SEEK_END produces strange results).
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php