You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2013/03/22 18:04:48 UTC
svn commit: r1459901 - in /commons/proper/fileupload/trunk/src:
main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java
test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java
Author: sebb
Date: Fri Mar 22 17:04:48 2013
New Revision: 1459901
URL: http://svn.apache.org/r1459901
Log:
Add check for invalid leading pad characters.
Make the exception message more specific
Modified:
commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java
commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java
Modified: commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java
URL: http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java?rev=1459901&r1=1459900&r2=1459901&view=diff
==============================================================================
--- commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java (original)
+++ commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java Fri Mar 22 17:04:48 2013
@@ -114,23 +114,30 @@ final class Base64Decoder {
}
cache[cachedBytes++] = d;
if (cachedBytes == INPUT_BYTES_PER_CHUNK) {
+ // CHECKSTYLE IGNORE MagicNumber FOR NEXT 4 LINES
+ final byte b1 = cache[0];
+ final byte b2 = cache[1];
+ final byte b3 = cache[2];
+ final byte b4 = cache[3];
+ if (b1 == PAD_BYTE || b2 == PAD_BYTE) {
+ throw new IOException("Invalid Base64 input: incorrect padding, first two bytes cannot be padding");
+ }
// Convert 4 6-bit bytes to 3 8-bit bytes
// CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
- out.write((cache[0] << 2) | (cache[1] >> 4)); // 6 bits of b1 plus 2 bits of b2
+ out.write((b1 << 2) | (b2 >> 4)); // 6 bits of b1 plus 2 bits of b2
outLen++;
- if (cache[2] != PAD_BYTE) {
+ if (b3 != PAD_BYTE) {
// CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
- out.write((cache[1] << 4) | (cache[2] >> 2)); // 4 bits of b2 plus 4 bits of b3
+ out.write((b2 << 4) | (b3 >> 2)); // 4 bits of b2 plus 4 bits of b3
outLen++;
- // CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
- if (cache[3] != PAD_BYTE) {
+ if (b4 != PAD_BYTE) {
// CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
- out.write((cache[2] << 6) | cache[3]); // 2 bits of b3 plus 6 bits of b4
+ out.write((b3 << 6) | b4); // 2 bits of b3 plus 6 bits of b4
outLen++;
}
- // CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
- } else if (cache[3] != PAD_BYTE) { // if byte 3 is pad, byte 4 must be pad too
- throw new IOException("Invalid Base64 input: incorrect padding");
+ } else if (b4 != PAD_BYTE) { // if byte 3 is pad, byte 4 must be pad too
+ throw new // line wrap to avoid 120 char limit
+ IOException("Invalid Base64 input: incorrect padding, 4th byte must be padding if 3rd byte is");
}
cachedBytes = 0;
}
Modified: commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java
URL: http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java?rev=1459901&r1=1459900&r2=1459901&view=diff
==============================================================================
--- commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java (original)
+++ commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java Fri Mar 22 17:04:48 2013
@@ -107,7 +107,17 @@ public final class Base64DecoderTestCase
@Test
public void badPadding() throws Exception {
- assertIOException("incorrect padding", "Zg=a");
+ assertIOException("incorrect padding, 4th byte", "Zg=a");
+ }
+
+ @Test
+ public void badPaddingLeading1() throws Exception {
+ assertIOException("incorrect padding, first two bytes cannot be padding", "=A==");
+ }
+
+ @Test
+ public void badPaddingLeading2() throws Exception {
+ assertIOException("incorrect padding, first two bytes cannot be padding", "====");
}
// This input causes java.lang.ArrayIndexOutOfBoundsException: 1