Require strict base64 in openssl_decode

Using invalid data in a security-related context makes no sense,
and there's even a test which depends on invalid base64 data failing,
even though it currently fails for the wrong reasons by sheer luck.

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index e01d4a50e600dcd0fce43d956162eeccda085892..d41ba73291b0575bef5f1a038c32f027dd3bb9fb 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -6375,7 +6375,7 @@ PHP_FUNCTION(openssl_decrypt)
        php_openssl_load_cipher_mode(&mode, cipher_type);
 
        if (!(options & OPENSSL_RAW_DATA)) {
-               base64_str = php_base64_decode((unsigned char*)data, (int)data_len);
+               base64_str = php_base64_decode_ex((unsigned char*)data, (int)data_len, 1);
                if (!base64_str) {
                        php_error_docref(NULL, E_WARNING, "Failed to base64 decode the input");
                        EVP_CIPHER_CTX_free(cipher_ctx);