From: Ilia Alshanetsky Date: Wed, 21 Jan 2009 15:45:29 +0000 (+0000) Subject: MFB: Fixed bug #47174 (base64_decode() interprets pad char in mid string as X-Git-Tag: php-5.2.9RC1~64 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3a78a0181799e8043fd6bc78c083c72af538d73b;p=php MFB: Fixed bug #47174 (base64_decode() interprets pad char in mid string as terminator) --- diff --git a/NEWS b/NEWS index 844947aec2..012158b8c7 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,8 @@ PHP NEWS - Fixed bug in xml_error_string() which resulted in messages being off by one. (Scott) +- Fixed bug #47174 (base64_decode() interprets pad char in mid string as + terminator). (Ilia) - Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry) - Fixed bug #47152 (gzseek/fseek using SEEK_END produces strange results). diff --git a/ext/standard/base64.c b/ext/standard/base64.c index c7c25a8979..b163ce4849 100644 --- a/ext/standard/base64.c +++ b/ext/standard/base64.c @@ -153,7 +153,14 @@ PHPAPI unsigned char *php_base64_decode_ex(const unsigned char *str, int length, /* run through the whole string, converting as we go */ while ((ch = *current++) != '\0' && length-- > 0) { - if (ch == base64_pad) break; + if (ch == base64_pad) { + if (*current != '=' && (i % 4) == 1) { + efree(result); + return NULL; + } + i++; + continue; + } ch = base64_reverse_table[ch]; if ((!strict && ch < 0) || ch == -1) { /* a space or some other separator character, we simply skip over */
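Review bot: In the ext/standard/base64.c hunk, the new `*current != '='` test reads the byte after the pad character without consulting `length`, even though the enclosing loop is bounded by `length-- > 0`. When the pad is the last counted byte, `length` is already 0 inside the body and `current` points past the input the caller described, so the check depends on the buffer being NUL-terminated. Test `length` before dereferencing `current`, and decide explicitly what a pad at end of input means when `(i % 4) == 1`. Three smaller points on the same lines: the condition compares against the literal `'='` while the line above it uses `base64_pad`, so use the constant in both places; the `efree(result); return NULL;` path does not look at `strict`, unlike the separator handling just below it, so non-strict callers now get a hard failure on this input, which should be stated in a comment or the NEWS entry if it is intended; and `(i % 4) == 1` needs a one-line comment saying why only that quartet position is rejected. The diff touches only NEWS and base64.c, so a regression test covering a pad character in mid string for bug #47174 should accompany it.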