On Mon, Nov 23, 2015 at 02:39:27PM +0100, Markus Armbruster wrote: > "Daniel P. Berrange" <berra...@redhat.com> writes: > > > On Fri, Nov 20, 2015 at 03:09:25PM -0700, Eric Blake wrote: > >> On 11/20/2015 11:04 AM, Daniel P. Berrange wrote: > >> > + > >> > +static const char *base64_valid_chars = > >> > + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; > >> > + > >> > +static int > >> > +qcrypto_secret_validate_base64(const uint8_t *input, > >> > + size_t inputlen, > >> > + Error **errp) > >> > >> Don't we already have base64 utility methods available? > > > > We normally use glib, g_base64_encode/decode. Unfortunately the > > decode method doesn't provide any usefull error reporting facility. > > It just silently skips any characters that are outside the valid > > set. So the only way I could get any kind of sensible error report > > was to do this validation myself against the set of permitted base64 > > characters. > > Yes. Same problem elsewhere, e.g. ringbuf-write. qapi-schema.json: > > # - base64: data must be base64 encoded text. Its binary > # decoding gets written. > # Bug: invalid base64 is currently not rejected. > # Whitespace *is* invalid. > > This suggests that we shouldn't bury this in crypto/, but instead add it > to util/. > > A replacement for g_base64_decode() could be easier to use than a > checker function to use in addition to g_base64_decode(),
Yeah, that's a good idea. I'll look at that. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|