bjori Mon Jun 26 22:17:43 2006 UTC Added files: /php-src/ext/standard/tests/strings bug37244.phpt
Modified files: /php-src/ext/standard base64.c base64.h Log: MFB: bug #37244 (base64_decode violates RFC 3548) -Add test http://cvs.php.net/viewvc.cgi/php-src/ext/standard/base64.c?r1=1.47&r2=1.48&diff_format=u Index: php-src/ext/standard/base64.c diff -u php-src/ext/standard/base64.c:1.47 php-src/ext/standard/base64.c:1.48 --- php-src/ext/standard/base64.c:1.47 Sun May 21 13:25:16 2006 +++ php-src/ext/standard/base64.c Mon Jun 26 22:17:42 2006 @@ -15,7 +15,7 @@ | Author: Jim Winstead <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: base64.c,v 1.47 2006/05/21 13:25:16 helly Exp $ */ +/* $Id: base64.c,v 1.48 2006/06/26 22:17:42 bjori Exp $ */ #include <string.h> @@ -34,22 +34,22 @@ static const char base64_pad = '='; static const short base64_reverse_table[256] = { - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, - -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, - -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 + -2, -2, -2, -2, -2, -2, -2, -2, -2, -1, -1, -2, -2, -1, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 62, -2, -2, -2, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -2, -2, -2, -2, -2, -2, + -2, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -2, -2, -2, -2, -2, + -2, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2 }; /* }}} */ @@ -135,9 +135,14 @@ */ /* }}} */ +PHPAPI unsigned char *php_base64_decode(const unsigned char *str, int length, int *ret_length) +{ + return php_base64_decode_ex(str, length, ret_length, 0); +} + /* {{{ php_base64_decode */ /* as above, but backwards. :) */ -PHPAPI unsigned char *php_base64_decode(const unsigned char *str, int length, int *ret_length) +PHPAPI unsigned char *php_base64_decode_ex(const unsigned char *str, int length, int *ret_length, zend_bool strict) { const unsigned char *current = str; int ch, i = 0, j = 0, k; @@ -145,13 +150,18 @@ unsigned char *result; result = (unsigned char *)safe_emalloc(length, 1, 1); - + /* run through the whole string, converting as we go */ while ((ch = *current++) != '\0' && length-- > 0) { if (ch == base64_pad) break; ch = base64_reverse_table[ch]; - if (ch < 0) continue; + if ((!strict && ch < 0) || ch == -1) { /* a space or some other separator character, we simply skip over */ + continue; + } else if (ch == -2) { + efree(result); + return NULL; + } switch(i % 4) { case 0: @@ -214,18 +224,19 @@ /* }}} */ -/* {{{ proto string base64_decode(string str) +/* {{{ proto string base64_decode(string str[, bool strict]) Decodes string using MIME base64 algorithm */ PHP_FUNCTION(base64_decode) { char *str; unsigned char *result; + zend_bool strict = 0; int str_len, ret_length; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &str, &str_len, &strict) == FAILURE) { return; } - result = php_base64_decode((unsigned char*)str, str_len, &ret_length); + result = php_base64_decode_ex(str, str_len, &ret_length, strict); if (result != NULL) { RETVAL_STRINGL((char*)result, ret_length, 0); } else { http://cvs.php.net/viewvc.cgi/php-src/ext/standard/base64.h?r1=1.15&r2=1.16&diff_format=u Index: php-src/ext/standard/base64.h diff -u php-src/ext/standard/base64.h:1.15 php-src/ext/standard/base64.h:1.16 --- php-src/ext/standard/base64.h:1.15 Sun Jan 1 13:09:54 2006 +++ php-src/ext/standard/base64.h Mon Jun 26 22:17:43 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: base64.h,v 1.15 2006/01/01 13:09:54 sniper Exp $ */ +/* $Id: base64.h,v 1.16 2006/06/26 22:17:43 bjori Exp $ */ #ifndef BASE64_H #define BASE64_H @@ -25,6 +25,7 @@ PHP_FUNCTION(base64_encode); PHPAPI extern unsigned char *php_base64_encode(const unsigned char *, int, int *); +PHPAPI extern unsigned char *php_base64_decode_ex(const unsigned char *, int, int *, zend_bool); PHPAPI extern unsigned char *php_base64_decode(const unsigned char *, int, int *); #endif /* BASE64_H */ http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/bug37244.phpt?view=markup&rev=1.1 Index: php-src/ext/standard/tests/strings/bug37244.phpt +++ php-src/ext/standard/tests/strings/bug37244.phpt --TEST-- Bug #37244 (base64_decode violates RFC 3548) --FILE-- <?php $strings = array( 'SW1wbGVtZW50YXRpb25zIE1VU1QgcmVqZWN0IHRoZSBlbmNvZGluZyBpZiBpdCBjb250YWlucyBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIGJhc2UgYWxwaGFiZXQu', 'SW1wbGVtZW$0YXRpb25zIE1VU1QgcmVqZWN0IHRoZSBlbmNvZGluZyBpZiBpdCBjb250YWlucyBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIGJhc2UgYWxwaGFiZXQu', 'SW1wbGVtZW0YXRpb25zIE1VU1QgcmVqZWN0IHRoZSBlbmNvZGluZyBpZiBpdCBjb250YWlucyBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIGJhc2UgYWxwaGFiZXQu' ); foreach($strings as $string) { var_dump(base64_decode($string, true)); } ?> --EXPECT-- string(93) "Implementations MUST reject the encoding if it contains characters outside the base alphabet." bool(false) string(92) "Implemem][ÛÈUTÕZXÝH[ÛÙ[ÈY]ÛÛZ[ÈÚ\XÝ\ÈÝ]ÚYHH\ÙH[X]" -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php