[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#10536: 23.3; Make base64-decode more fault tolerant
|
From: |
Eli Zaretskii |
|
Subject: |
bug#10536: 23.3; Make base64-decode more fault tolerant |
|
Date: |
Wed, 18 Apr 2018 09:20:43 +0300 |
> From: Lars Ingebrigtsen <larsi@gnus.org>
> Date: Wed, 18 Apr 2018 00:22:42 +0200
> Cc: 10536@debbugs.gnu.org
>
> > --- src/fns.c~ 2011-04-05 05:46:44.000000000 +0200
> > +++ src/fns.c 2012-01-17 13:59:26.000000000 +0100
> > @@ -3590,7 +3590,8 @@
> >
> > if (c == '=')
> > {
> > - READ_QUADRUPLET_BYTE (-1);
> > + /* Be tolerant against missing final padding '='. */
> > + READ_QUADRUPLET_BYTE (e-to);
>
> It probably won't harm anything to add this patch... On the other hand,
> it's not very common to have base64 encoded data that fails in this
> manner.
>
> What do the rest of you people think? (I think I'm slightly for
> applying the patch. "Be liberal in what you receive" and all that.)
Could this "omission" be a sign of malicious stuff in there? If so,
maybe it's better to introduce a variable that would allow this to be
tolerated, and by default fail with a message telling the user that if
they trust the source of the data, set the variable and retry?