You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2013/03/22 18:04:48 UTC
svn commit: r1459901 - in /commons/proper/fileupload/trunk/src: main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java

Author: sebb
Date: Fri Mar 22 17:04:48 2013
New Revision: 1459901

URL: http://svn.apache.org/r1459901
Log:
Add check for invalid leading pad characters.
Make the exception message more specific

Modified:
    commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java
    commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java

Modified: commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java
URL: http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java?rev=1459901&r1=1459900&r2=1459901&view=diff
==============================================================================
--- commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java (original)
+++ commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/util/mime/Base64Decoder.java Fri Mar 22 17:04:48 2013
@@ -114,23 +114,30 @@ final class Base64Decoder {
             }
             cache[cachedBytes++] = d;
             if (cachedBytes == INPUT_BYTES_PER_CHUNK) {
+                // CHECKSTYLE IGNORE MagicNumber FOR NEXT 4 LINES
+                final byte b1 = cache[0];
+                final byte b2 = cache[1];
+                final byte b3 = cache[2];
+                final byte b4 = cache[3];
+                if (b1 == PAD_BYTE || b2 == PAD_BYTE) {
+                    throw new IOException("Invalid Base64 input: incorrect padding, first two bytes cannot be padding");
+                }
                 // Convert 4 6-bit bytes to 3 8-bit bytes
                 // CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
-                out.write((cache[0] << 2) | (cache[1] >> 4)); // 6 bits of b1 plus 2 bits of b2
+                out.write((b1 << 2) | (b2 >> 4)); // 6 bits of b1 plus 2 bits of b2
                 outLen++;
-                if (cache[2] != PAD_BYTE) {
+                if (b3 != PAD_BYTE) {
                     // CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
-                    out.write((cache[1] << 4) | (cache[2] >> 2)); // 4 bits of b2 plus 4 bits of b3
+                    out.write((b2 << 4) | (b3 >> 2)); // 4 bits of b2 plus 4 bits of b3
                     outLen++;
-                    // CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
-                    if (cache[3] != PAD_BYTE) {
+                    if (b4 != PAD_BYTE) {
                         // CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
-                        out.write((cache[2] << 6) | cache[3]);        // 2 bits of b3 plus 6 bits of b4
+                        out.write((b3 << 6) | b4);        // 2 bits of b3 plus 6 bits of b4
                         outLen++;
                     }
-                // CHECKSTYLE IGNORE MagicNumber FOR NEXT 1 LINE
-                } else if (cache[3] != PAD_BYTE) { // if byte 3 is pad, byte 4 must be pad too
-                    throw new IOException("Invalid Base64 input: incorrect padding");
+                } else if (b4 != PAD_BYTE) { // if byte 3 is pad, byte 4 must be pad too
+                    throw new // line wrap to avoid 120 char limit
+                    IOException("Invalid Base64 input: incorrect padding, 4th byte must be padding if 3rd byte is");
                 }
                 cachedBytes = 0;
             }

Modified: commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java
URL: http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java?rev=1459901&r1=1459900&r2=1459901&view=diff
==============================================================================
--- commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java (original)
+++ commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/util/mime/Base64DecoderTestCase.java Fri Mar 22 17:04:48 2013
@@ -107,7 +107,17 @@ public final class Base64DecoderTestCase
 
     @Test
     public void badPadding() throws Exception {
-        assertIOException("incorrect padding", "Zg=a");
+        assertIOException("incorrect padding, 4th byte", "Zg=a");
+    }
+
+    @Test
+    public void badPaddingLeading1() throws Exception {
+        assertIOException("incorrect padding, first two bytes cannot be padding", "=A==");
+    }
+
+    @Test
+    public void badPaddingLeading2() throws Exception {
+        assertIOException("incorrect padding, first two bytes cannot be padding", "====");
     }
 
     // This input causes java.lang.ArrayIndexOutOfBoundsException: 1