Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

binascii.a2b_base64 strict mode accepts invalid base64 input #118314

Closed
zhangyoufu opened this issue Apr 26, 2024 · 0 comments
Closed

binascii.a2b_base64 strict mode accepts invalid base64 input #118314

zhangyoufu opened this issue Apr 26, 2024 · 0 comments
Labels
type-bug An unexpected behavior, bug, or error

Comments

@zhangyoufu
Copy link
Contributor

zhangyoufu commented Apr 26, 2024
edited by bedevere-app bot

Bug report

Bug description:

>>> import binascii
>>> f = lambda s: binascii.a2b_base64(s, strict_mode=True)
>>> f('AAAA')
b'\x00\x00\x00'
>>> f('AAAA=')
b'\x00\x00\x00'
>>> f('AAAA==')
b'\x00\x00\x00'
>>> f('AAAA===')
b'\x00\x00\x00'
>>> f('AAAA====')
b'\x00\x00\x00'
>>> f('AAAA=====')
b'\x00\x00\x00'

Doc/library/binascii.rst defines that a valid base64 "Contains no excess data after padding (including excess padding, newlines, etc.)". However, current implement does not handle the edge case of excess padding after no padding.

CPython versions tested on:

3.12

Operating systems tested on:

macOS

Linked PRs
@zhangyoufu zhangyoufu added the type-bug An unexpected behavior, bug, or error label Apr 26, 2024
zhangyoufu added a commit to zhangyoufu/cpython that referenced this issue Apr 26, 2024
@zhangyoufu
add test case for pythongh-118314
f02dbad
zhangyoufu added a commit to zhangyoufu/cpython that referenced this issue Apr 26, 2024
@zhangyoufu
fix pythongh-118314
1089a1d
zhangyoufu added a commit to zhangyoufu/cpython that referenced this issue Apr 26, 2024
@zhangyoufu
pythongh-118314: Fix padding edge case in binascii.a2b_base64 strict …
84b8420 
…mode
@bedevere-app bedevere-app bot mentioned this issue Apr 26, 2024
Merged
@zhangyoufu zhangyoufu changed the title binascii.a2b_base64 with strict_mode=True accepts invalid base64 input binascii.a2b_base64 strict mode accepts invalid base64 input Apr 26, 2024
terryjreedy added a commit to zhangyoufu/cpython that referenced this issue Apr 26, 2024
@terryjreedy
Merge branch 'main' into pythongh-118314
d2637b7
encukou pushed a commit that referenced this issue May 7, 2024
@zhangyoufu @terryjreedy @eendebakpt
gh-118314: Fix padding edge case in binascii.a2b_base64 strict mode (G…
fe47d9b 
…H-118320)

Fix an edge case in `binascii.a2b_base64` strict mode, where
excessive padding was not detected when no padding is necessary.

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue May 7, 2024
@zhangyoufu @terryjreedy
@eendebakpt @miss-islington
pythongh-118314: Fix padding edge case in binascii.a2b_base64 strict …
8ee2b08 
…mode (pythonGH-118320)

Fix an edge case in `binascii.a2b_base64` strict mode, where
excessive padding was not detected when no padding is necessary.

(cherry picked from commit fe47d9b)

Co-authored-by: Youfu Zhang <1315097+zhangyoufu@users.noreply.github.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
@bedevere-app bedevere-app bot mentioned this issue May 7, 2024
Merged
encukou pushed a commit that referenced this issue May 7, 2024
@miss-islington @zhangyoufu
@terryjreedy @eendebakpt
[3.12] gh-118314: Fix padding edge case in binascii.a2b_base64 strict…
56c61cc 
… mode (GH-118320) (GH-118691)

gh-118314: Fix padding edge case in binascii.a2b_base64 strict mode (GH-118320)

Fix an edge case in `binascii.a2b_base64` strict mode, where
excessive padding was not detected when no padding is necessary.

(cherry picked from commit fe47d9b)

Co-authored-by: Youfu Zhang <1315097+zhangyoufu@users.noreply.github.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
@encukou encukou closed this as completed May 7, 2024
SonicField pushed a commit to SonicField/cpython that referenced this issue May 8, 2024
@zhangyoufu @terryjreedy
@eendebakpt @SonicField
pythongh-118314: Fix padding edge case in binascii.a2b_base64 strict …
a3213b3 
…mode (pythonGH-118320)

Fix an edge case in `binascii.a2b_base64` strict mode, where
excessive padding was not detected when no padding is necessary.

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@encukou @zhangyoufu