From: Ilia Alshanetsky Date: Sat, 6 May 2006 22:47:14 +0000 (+0000) Subject: Fixed bug #37244 (Added strict flag to base64_decode() that enforces X-Git-Tag: php-5.2.0RC1~652 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7e8409de8caf8cf63c9a6728fb90f3681d4128c5;p=php Fixed bug #37244 (Added strict flag to base64_decode() that enforces RFC3548 compliance). --- diff --git a/NEWS b/NEWS index dba4c605d2..917c78efb4 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ PHP NEWS ?? ??? 2006, PHP 5.2.0 - Fixed bug #37313 (sigemptyset() used without including ). (jdolecek) +- Fixed bug #37244 (Added strict flag to base64_decode() that enforces + RFC3548 compliance). (Ilia) 04 May 2006, PHP 5.1.4 - Added "capture_peer_cert" and "capture_peer_cert_chain" context options diff --git a/ext/standard/base64.c b/ext/standard/base64.c index 3e33f19d54..6b209843c8 100644 --- a/ext/standard/base64.c +++ b/ext/standard/base64.c @@ -34,22 +34,22 @@ static const char base64_table[] = static const char base64_pad = '='; static const short base64_reverse_table[256] = { - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, - -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, - -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 + -2, -2, -2, -2, -2, -2, -2, -2, -2, -1, -1, -2, -2, -1, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 62, -2, -2, -2, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -2, -2, -2, -2, -2, -2, + -2, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -2, -2, -2, -2, -2, + -2, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2 }; /* }}} */ @@ -135,9 +135,14 @@ void php_base64_init() */ /* }}} */ +PHPAPI unsigned char *php_base64_decode(const unsigned char *str, int length, int *ret_length) +{ + return php_base64_decode_ex(str, length, ret_length, 0); +} + /* {{{ php_base64_decode */ /* as above, but backwards. :) */ -PHPAPI unsigned char *php_base64_decode(const unsigned char *str, int length, int *ret_length) +PHPAPI unsigned char *php_base64_decode_ex(const unsigned char *str, int length, int *ret_length, zend_bool strict) { const unsigned char *current = str; int ch, i = 0, j = 0, k; @@ -145,16 +150,18 @@ PHPAPI unsigned char *php_base64_decode(const unsigned char *str, int length, in unsigned char *result; result = (unsigned char *)emalloc(length + 1); - if (result == NULL) { - return NULL; - } /* run through the whole string, converting as we go */ while ((ch = *current++) != '\0' && length-- > 0) { if (ch == base64_pad) break; ch = base64_reverse_table[ch]; - if (ch < 0) continue; + if ((!strict && ch < 0) || ch == -1) { /* a space or some other separator character, we simply skip over */ + continue; + } else if (ch == -2) { + efree(result); + return NULL; + } switch(i % 4) { case 0: @@ -217,18 +224,19 @@ PHP_FUNCTION(base64_encode) /* }}} */ -/* {{{ proto string base64_decode(string str) +/* {{{ proto string base64_decode(string str[, bool strict]) Decodes string using MIME base64 algorithm */ PHP_FUNCTION(base64_decode) { char *str; unsigned char *result; + zend_bool strict = 0; int str_len, ret_length; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &str, &str_len, &strict) == FAILURE) { return; } - result = php_base64_decode(str, str_len, &ret_length); + result = php_base64_decode_ex(str, str_len, &ret_length, strict); if (result != NULL) { RETVAL_STRINGL(result, ret_length, 0); } else { diff --git a/ext/standard/base64.h b/ext/standard/base64.h index 45b86e85a6..b58ed33a01 100644 --- a/ext/standard/base64.h +++ b/ext/standard/base64.h @@ -25,6 +25,7 @@ PHP_FUNCTION(base64_decode); PHP_FUNCTION(base64_encode); PHPAPI extern unsigned char *php_base64_encode(const unsigned char *, int, int *); +PHPAPI extern unsigned char *php_base64_decode_ex(const unsigned char *, int, int *, zend_bool); PHPAPI extern unsigned char *php_base64_decode(const unsigned char *, int, int *); #endif /* BASE64_H */