False positive on master branch #16

Open
FlyingCodeMonkey opened this issue Jan 29, 2015 · 1 comment

@FlyingCodeMonkey

Hi,

I'm testing CocoaFob master branch (can't use no-openssl branch as I need to target 10.6) and have come across a false positive situation in Objective-C.

I generated the licence code using the PHP script with the following input:

ProductCode: MyAppAB
Name: mark
email: test@mark.co.uk

Which produced the following licence code: GAWQE-F9A2F-TS2DW-ZYSZE-ZSK2N-PL23V-H76X8-G7NVX-A9KB3-8NFYW-L8WFD-3CD72-EYGHM-ZYKLG-BC8ZQ-Q

That, correctly, verifies in PHP and Objective-C. However, changing the final character (from Q to R for example) also verifies in Objective-C, but not PHP. PHP correctly says it's invalid and gives an error about "found non-zero padding in Base32Decode".

The same is true of licence code GAWQE-FBMG4-RB8NU-4642P-T4FZF-5224K-DGSXZ-M7FQC-CUALV-WDN7C-9X8KW-FQG5B-5TQTZ-B8NPR-5D5Y5-Q which was generated from the same input.

glebd self-assigned this Jan 30, 2015
@lovette

lovette commented May 18, 2017

I just noticed the same thing! Glad to see I'm not the only one stumped by this.

I was changing the last character of some codes just to test my logic statements and was surprised to get YES where I expected NO.

For example, given this code:

GAWQE-F9AWA-KDDGU-6AMPY-UPBDU-AJS6U-8W28F-VRPFB-A9KD9-SDAUH-BCYAK-AUG7W-6K2XZ-NWTPA-NZLNX-B

Verification will succeed if the last "B" is any character between [A-P]. Changing any other character does cause verification to fail.

I'm not a crypto expert and just assume there is a sane reason why this is the case.
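
Why only the final character is tolerant, as an added example that is not part of either comment above and is not CocoaFob's code: a 76-character Base32 code carries 380 bits, which is 47 whole bytes plus 4 leftover bits, so a decoder that ignores the leftover bits returns the same bytes for 16 different final characters. The plain RFC 4648 alphabet and the 47-byte sample values are assumptions constructed for the demonstration, not the alphabet or data of the codes quoted in the thread.

```python
import base64

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # RFC 4648 alphabet (assumption)

def encode(sig: bytes) -> str:
    """Unpadded Base32: 47 bytes become 76 characters."""
    return base64.b32encode(sig).decode("ascii").rstrip("=")

def decode(code: str, strict: bool) -> bytes:
    """Decode unpadded Base32; strict=True rejects non-zero leftover bits."""
    acc = nbits = 0
    out = bytearray()
    for ch in code.replace("-", ""):
        acc = (acc << 5) | B32.index(ch)  # ValueError on a foreign character
        nbits += 5
        if nbits >= 8:
            nbits -= 8
            out.append(acc >> nbits)
            acc &= (1 << nbits) - 1
    # acc now holds the trailing bits that never formed a whole byte.
    if strict and acc:
        raise ValueError("non-zero padding in Base32 input")
    return bytes(out)

def accepted_last_chars(code: str, strict: bool) -> str:
    """Final characters that yield the same decoded bytes as `code`."""
    want = decode(code, strict=False)
    ok = []
    for ch in B32:
        try:
            if decode(code[:-1] + ch, strict) == want:
                ok.append(ch)
        except ValueError:
            pass  # strict decoder refused this variant
    return "".join(ok)

# Constructed 47-byte stand-ins for a signature (not real licence data).
SIG_EVEN = bytes(range(1, 47)) + b"\x7e"  # last data bit 0
SIG_ODD = bytes(range(1, 47)) + b"\x7f"   # last data bit 1

if __name__ == "__main__":
    for sig in (SIG_EVEN, SIG_ODD):
        code = encode(sig)
        print(len(code), code[-1],
              "lenient:", accepted_last_chars(code, strict=False),
              "strict:", accepted_last_chars(code, strict=True))
```

The final character contributes one data bit and four padding bits, so a verifier that needs exactly one accepted spelling per code has to reject non-zero padding, as the PHP decoder's error message shows it doing.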
