base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)

This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.

diff --git a/ext/standard/base64.c b/ext/standard/base64.c
index e8d7f04aa4ef1e69ba1f2afa25594d4167800438..6c890e34fce922fa2e5cb04d26c460c4288eebfd 100644 (file)
--- a/ext/standard/base64.c
+++ b/ext/standard/base64.c
@@ -143,7 +143,12 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length
        result = zend_string_alloc(length, 0);
 
        /* run through the whole string, converting as we go */
-       while (length-- > 0 && (ch = *current++) != '\0') {
+       while (length-- > 0) {
+               ch = *current++;
+               /* stop on null byte in non-strict mode (FIXME: is this really desired?) */
+               if (ch == 0 && !strict) {
+                       break;
+               }
                if (ch == base64_pad) {
                        /* fail if the padding character is second in a group (like V===) */
                        /* FIXME: why do we still allow invalid padding in other places in the middle of the string? */

diff --git a/ext/standard/tests/strings/bug72152.phpt b/ext/standard/tests/strings/bug72152.phpt
new file mode 100644 (file)
index 0000000..440a90e
--- /dev/null
+++ b/ext/standard/tests/strings/bug72152.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #72152 (base64_decode $strict fails to detect null byte)
+--FILE--
+<?php
+var_dump(base64_decode("\x00", true));
+var_dump(base64_decode("\x00VVVV", true));
+var_dump(base64_decode("VVVV\x00", true));
+--EXPECT--
+bool(false)
+bool(false)
+bool(false)