Posted to issues@commons.apache.org by "Alex Herbert (Jira)" <ji...@apache.org> on 2019/11/28 10:55:00 UTC

[jira] [Resolved] (CODEC-270) Base32 and Base64 still allow decoding some invalid trailing characters

     [ https://issues.apache.org/jira/browse/CODEC-270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Herbert resolved CODEC-270.
--------------------------------
    Fix Version/s: 1.14
       Resolution: Fixed

In git master

> Base32 and Base64 still allow decoding some invalid trailing characters
> -----------------------------------------------------------------------
>
>                 Key: CODEC-270
>                 URL: https://issues.apache.org/jira/browse/CODEC-270
>             Project: Commons Codec
>          Issue Type: Bug
>    Affects Versions: 1.13
>            Reporter: Alex Herbert
>            Assignee: Alex Herbert
>            Priority: Minor
>             Fix For: 1.14
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Both Base32 and Base64 check that the final bits from the trailing digit that will be discarded are zero.
> The test for the trailing bits in the final digits in Base64 is:
> {code:java}
> private long validateCharacter(final int numBitsToDrop, final Context context) {
>     if ((context.ibitWorkArea & numBitsToDrop) != 0) {
> {code}
> It should be:
> {code:java}
> private long validateCharacter(final int numBitsToDrop, final Context context) {
>     int mask = (1 << numBitsToDrop) - 1;
>     if ((context.ibitWorkArea & mask) != 0) {
> {code}
> Likewise in Base32.
> The following base64 is illegal but is still decoded:
> {noformat}
> AB==
> A : 000000
> B : 000001
> byte = 00000000 + 0001 discarded 
> {noformat}
> Here the check for the 4 trailing bits to drop in this case checks only bit 3 and ignores bit 1 which is set.
> Same for Base32, this is illegal:
> {noformat}
> AB======
> A : 00000
> B : 00001
> byte = 00000000 + 01 discarded
> {noformat}
> But the check for the 2 trailing bits to drop in this case checks bit 2 and ignores bit 1 which is set.
> Note: The test cases using "AC" have bit 2 set and so are flagged as invalid.
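
The two checks quoted in the issue, run side by side on the final-group digits it discusses. This is an added example, not Commons Codec source: the class, method and alphabet constant names are hypothetical, the inputs are constructed, and the number of bits to drop is computed as the digit bits left over after whole bytes.

```java
// Added illustration; not Commons Codec code. All names here are hypothetical.
public class TrailingBitsCheck {
    static final String B64 =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    static final String B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

    // Accumulate the non-padding digits of the final group into a work area,
    // most significant digit first.
    static long accumulate(String digits, String alphabet, int bitsPerDigit) {
        long work = 0;
        for (char c : digits.toCharArray()) {
            int v = alphabet.indexOf(c);
            if (v < 0) {
                throw new IllegalArgumentException("not in alphabet: " + c);
            }
            work = (work << bitsPerDigit) | v;
        }
        return work;
    }

    // Check as quoted for 1.13: the bit count itself is used as the mask,
    // so only the bits that happen to be set in the count are examined.
    static boolean rejectedByOldCheck(long work, int numBitsToDrop) {
        return (work & numBitsToDrop) != 0;
    }

    // Check as proposed in the issue: the mask covers every bit to be dropped.
    static boolean rejectedByFixedCheck(long work, int numBitsToDrop) {
        long mask = (1L << numBitsToDrop) - 1;
        return (work & mask) != 0;
    }

    static void report(String name, String digits, String alphabet, int bits) {
        long work = accumulate(digits, alphabet, bits);
        int drop = (digits.length() * bits) % 8; // bits beyond whole bytes
        System.out.printf("%s %-2s drop=%d old=%b fixed=%b%n", name, digits, drop,
                rejectedByOldCheck(work, drop), rejectedByFixedCheck(work, drop));
    }

    public static void main(String[] args) {
        // Constructed inputs: final-group digits with the '=' padding removed.
        for (String s : new String[] {"AA", "AB", "AC", "AE", "AI"}) {
            report("base64", s, B64, 6);
        }
        for (String s : new String[] {"AA", "AB", "AC"}) {
            report("base32", s, B32, 5);
        }
    }
}
```

The old check lets Base64 "AB" and Base32 "AB" through while the corrected mask rejects both; Base32 "AC" is rejected by either check, which is why a test using it did not expose the bug.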


