From: Nikita Popov <nikic@php.net>
Date: Fri, 22 Jul 2016 16:20:34 +0000 (+0200)
Subject: Make base64_decode() in non-strict mode binary safe
X-Git-Tag: php-7.1.0beta2~86^2~21
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bb51da29dc73a5cb9c26e4926d9f0aa4d54f600b;p=php

Make base64_decode() in non-strict mode binary safe
---

diff --git a/NEWS b/NEWS
index 7eb93e164c..841aade0d7 100644
--- a/NEWS
+++ b/NEWS
@@ -7,17 +7,18 @@ PHP                                                                        NEWS
     IntlCalendar and adds a property). (Laruence)
 
 - OpenSSL:
-  . Use strict mode when decoding base64 in openssl_decrypt().
+  . Use strict mode when decoding base64 in openssl_decrypt(). (Lauri Kenttä)
 
 - SPL:
   . Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
     character). (cmb)
 
 - Standard:
-  . Made padding checks in base64_decode() strict mode stricter.
+  . Made base64_decode() padding checks in strict mode stricter. (Lauri Kenttä)
+  . Made base64_decode() in non-strict mode binary safe. (Lauri Kenttä)
 
 - Streams:
-  . Use strict mode when decoding base64 in data URIs.
+  . Use strict mode when decoding base64 in data URIs. (Lauri Kenttä)
 
 - XMLRPC:
   . Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing
diff --git a/ext/standard/base64.c b/ext/standard/base64.c
index 87cc1e8639..64f21044e7 100644
--- a/ext/standard/base64.c
+++ b/ext/standard/base64.c
@@ -144,10 +144,6 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length
 	/* run through the whole string, converting as we go */
 	while (length-- > 0) {
 		ch = *current++;
-		/* stop on null byte in non-strict mode (FIXME: is this really desired?) */
-		if (ch == 0 && !strict) {
-			break;
-		}
 		if (ch == base64_pad) {
 			padding++;
 			continue;
diff --git a/ext/standard/tests/url/base64_decode_basic_003.phpt b/ext/standard/tests/url/base64_decode_basic_003.phpt
index 981dadede4..43596757b1 100644
--- a/ext/standard/tests/url/base64_decode_basic_003.phpt
+++ b/ext/standard/tests/url/base64_decode_basic_003.phpt
@@ -104,14 +104,14 @@ base64 "V*V=="          non-strict "U"      strict false
 base64 "VV*=="          non-strict "U"      strict false
 base64 "VV=*="          non-strict "U"      strict false
 base64 "VV==*"          non-strict "U"      strict false
-base64 "\u0000VV=="     non-strict ""       strict false
-base64 "V\u0000V=="     non-strict ""       strict false
+base64 "\u0000VV=="     non-strict "U"      strict false
+base64 "V\u0000V=="     non-strict "U"      strict false
 base64 "VV\u0000=="     non-strict "U"      strict false
 base64 "VV=\u0000="     non-strict "U"      strict false
 base64 "VV==\u0000"     non-strict "U"      strict false
-base64 "\u0000VVV=="    non-strict ""       strict false
-base64 "V\u0000VV=="    non-strict ""       strict false
-base64 "VV\u0000V=="    non-strict "U"      strict false
+base64 "\u0000VVV=="    non-strict "UU"     strict false
+base64 "V\u0000VV=="    non-strict "UU"     strict false
+base64 "VV\u0000V=="    non-strict "UU"     strict false
 base64 "VVV\u0000=="    non-strict "UU"     strict false
 base64 "VVV=\u0000="    non-strict "UU"     strict false
 base64 "VVV==\u0000"    non-strict "UU"     strict false