Bug in std/base64.e
- Posted by rzuckerm 1 month ago
- 1755 views
I didn't see any way to log an issue in https://github.com/OpenEuphoria/euphoria, but there is a bug in std/base64.e. The decode function does not do any error checking except for making sure that the length of the input is a multiple of 4. Here are some checks that I think is needs to have:
- Make sure that there are no more than 2 pad characters at the end
- Once pads are removed from the end, make sure that all characters are valid Base64
Also, the documentation does not mention that -1 is output if the input has any errors.
Here is what I had to add to my code to do the necessary error checking (I'm sure there's a better way to do this):
constant re_not_base64_chars = re:new("[^A-Za-z0-9+/]") -- Base64 decode -- -- Although the built-in Base64 decode is available, it does not do a very good -- job of error checking the input other that making sure that the input length -- is a multiple of 4. The output of this function is -1 if the input string -- is invalid, the Base64 decoded string otherwise. function base64_decode(sequence str) -- Error if more than 2 pad trailing characters atom str_length = length(str) atom pad_length = str_length - length(trim_tail(str, "=")) if pad_length > 2 then return -1 end if -- Remove trailing pad characters str_length -= pad_length -- Error if invalid Base64 characters if re:has_match(re_not_base64_chars, str[1..str_length]) then return -1 end if -- Use Base64 decode library function return base64:decode(str) end function
I'm willing to do a PR to fix this, but I didn't see any contributing guide or any documentation on how to test changes.
