coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] base32,base64: disallow non-canonical encodings


From: Pádraig Brady
Subject: [PATCH] base32,base64: disallow non-canonical encodings
Date: Fri, 27 Oct 2023 14:18:51 +0100

This will make decoding more resilient to corruption
whether due to transmission errors or nefarious adjustment.
See https://eprint.iacr.org/2022/361.pdf

* gnulib: Update to commit 3f463202bd enforcing canonical encoding.
* tests/basenc/base64.pl: Add a test cases, and adjust existing.
* NEWS: Mention the change in behavior.
---
 NEWS                   | 3 +++
 gnulib                 | 2 +-
 tests/basenc/base64.pl | 8 ++++++--
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index 1dfeb7390..6ef8d6191 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,9 @@ GNU coreutils NEWS                                    -*- 
outline -*-
   base32 and base64 no longer require padding when decoding.
   Previously an error was given for non padded encoded data.
 
+  base32 and base64 no longer allow non-canonical encodings.
+  Previously encodings with non zero padding bits were accepted.
+
   basenc --base16 -d now supports lower case hexadecimal characters.
   Previously an error was given for lower case hex digits.
 
diff --git a/gnulib b/gnulib
index e0ae1a7f3..3f463202b 160000
--- a/gnulib
+++ b/gnulib
@@ -1 +1 @@
-Subproject commit e0ae1a7f324d6b9462735273bc5a2848c712f883
+Subproject commit 3f463202bdd8684c649ee9eb5d9ba867dc6e8f08
diff --git a/tests/basenc/base64.pl b/tests/basenc/base64.pl
index 40c6c3d07..0dc8dfe37 100755
--- a/tests/basenc/base64.pl
+++ b/tests/basenc/base64.pl
@@ -124,11 +124,15 @@ sub gen_tests($)
         push @Tests, (
           ['baddecode', '--decode', {IN=>'a'}, {OUT=>""},
           {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}],
-          ['paddecode2', '--decode', {IN=>'ab'}, {OUT=>"i"}],
-          ['paddecode3', '--decode', {IN=>'Zzz'}, {OUT=>"g<"}],
+          ['paddecode2', '--decode', {IN=>'aQ'}, {OUT=>"i"}],
+          ['paddecode3', '--decode', {IN=>'Zzw'}, {OUT=>"g<"}],
           ['baddecode4', '--decode', {IN=>'Zz='}, {OUT=>"g"},
           {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}],
           ['baddecode5', '--decode', {IN=>'Z==='}, {OUT=>""},
+          {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}],
+          ['baddecode6', '--decode', {IN=>'SB=='}, {OUT=>"H"},
+          {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}],
+          ['baddecode7', '--decode', {IN=>'SGVsbG9='}, {OUT=>"Hello"},
           {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}]
         );
     }
-- 
2.41.0




reply via email to

[Prev in Thread] Current Thread [Next in Thread]