#11 Urlsafe decoding of unpadded Base64 returns cropped results

open
nobody
None
5
2012-12-06
2012-02-21
No

If iharder Base64 is used to decode urlsafe encoded Base64 which is missing the padding
iharder silently crops the result.

What I would have expected would be to either
- throw an Exception because of invalid input
- to be liberal in what you accept (http://tools.ietf.org/html/rfc1122#section-1.2.2)
and return the right result in spite of the missing padding

How it is done now is dangerous because it hides errors.
See the attached Testcase which tries to decode the urlsafe
by Apache Commons Codec 1.6 encoded string
"ACPI" and gets "ACP" as result.

This also destroys interoperability between iharder Base64 and other libraries used
for Base64 encoding. Since encoding and decoding are often done by different
components this is a severe bug.

Discussion

  • Stefan Fleiter

    Stefan Fleiter - 2012-02-21

    JUnit Testcase

     
    Attachments
  • Stefan Fleiter

    Stefan Fleiter - 2012-02-21

    Handling that gracefully seems to be difficult to integrate in the structure of the code.
    Therefore I will attach a patch which will throw an IllegalArgumentException when length
    of Input is not a multiple of 4 which is true when padding is missing.

     
  • Stefan Fleiter

    Stefan Fleiter - 2012-02-21

    Patch to reject decode input when padding is missing and add test for that

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks