Posted to issues@commons.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2019/11/24 23:49:00 UTC

[jira] [Work logged] (CODEC-270) Base32 and Base64 still allow decoding some invalid trailing characters

     [ https://issues.apache.org/jira/browse/CODEC-270?focusedWorklogId=348857&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-348857 ]

ASF GitHub Bot logged work on CODEC-270:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 24/Nov/19 23:48
            Start Date: 24/Nov/19 23:48
    Worklog Time Spent: 10m 
      Work Description: aherbert commented on pull request #29: [CODEC-270] Base32/64: Fix masked check of the final bits to discard.
URL: https://github.com/apache/commons-codec/pull/29
 
 
   Fixed the Base32/64 mask check to ensure it checks all the bits to be discarded are zero.
   
   Added tests that enumerate all possible trailing characters. Only those with zero for the discarded bits should be decoded.
   
   Also fixed the BCodecTest data to use the RFC 1522 "encoded-word" header.
 


Issue Time Tracking
-------------------

            Worklog Id:     (was: 348857)
    Remaining Estimate: 0h
            Time Spent: 10m

> Base32 and Base64 still allow decoding some invalid trailing characters
> -----------------------------------------------------------------------
>
>                 Key: CODEC-270
>                 URL: https://issues.apache.org/jira/browse/CODEC-270
>             Project: Commons Codec
>          Issue Type: Bug
>    Affects Versions: 1.13
>            Reporter: Alex Herbert
>            Assignee: Alex Herbert
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Both Base32 and Base64 check that the final bits from the trailing digit that will be discarded are zero.
> The test for the trailing bits in the final digits in Base64 is:
> {code:java}
> private long validateCharacter(final int numBitsToDrop, final Context context) {
>     if ((context.ibitWorkArea & numBitsToDrop) != 0) {
> {code}
> It should be:
> {code:java}
> private long validateCharacter(final int numBitsToDrop, final Context context) {
>     int mask = (1 << numBitsToDrop) - 1;
>     if ((context.ibitWorkArea & mask) != 0) {
> {code}
> Likewise in Base32.
> The following base64 is illegal but is still decoded:
> {noformat}
> AB==
> A : 000000
> B : 000001
> byte = 00000000 + 0001 discarded 
> {noformat}
> Here the check for the 4 trailing bits to drop in this case checks only bit 3 and ignores bit 1 which is set.
> Same for Base32, this is illegal:
> {noformat}
> AB======
> A : 00000
> B : 00001
> byte = 00000000 + 01 discarded
> {noformat}
> But the check for the 2 trailing bits to drop in this case checks bit 2 and ignores bit 1 which is set.
> Note: The test cases using "AC" have bit 2 set and so are flagged as invalid.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
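
The two checks quoted in the issue, run over every possible final Base64 character to list the ones that carry non-zero discarded bits yet pass the old check. This is an added example, not Commons Codec source or part of the original message; the class and method names are hypothetical, and it covers the Base64 alphabet only.

```java
import java.util.ArrayList;
import java.util.List;

/** Added illustration, not Commons Codec source; all names here are hypothetical. */
public class TrailingBitsCheck {
    static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

    /** Check as quoted in the issue: the bit count itself is used as the mask. */
    static boolean rejectedByOldCheck(int workArea, int numBitsToDrop) {
        return (workArea & numBitsToDrop) != 0;
    }

    /** Check proposed in the issue: a mask covering all numBitsToDrop low bits. */
    static boolean rejectedByFixedCheck(int workArea, int numBitsToDrop) {
        int mask = (1 << numBitsToDrop) - 1;
        return (workArea & mask) != 0;
    }

    /** Final characters that have non-zero discarded bits yet pass the old check. */
    static List<Character> wronglyAccepted(int numBitsToDrop) {
        List<Character> result = new ArrayList<>();
        for (int v = 0; v < ALPHABET.length(); v++) {
            // The discarded bits are the low bits of the last 6-bit digit, so the
            // value of the final character stands in for the decoder's work area.
            if (rejectedByFixedCheck(v, numBitsToDrop) && !rejectedByOldCheck(v, numBitsToDrop)) {
                result.add(ALPHABET.charAt(v));
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // "A?==" : 12 bits decoded, 8 kept, 4 discarded (the "AB==" case in the issue).
        System.out.println("drop 4: " + wronglyAccepted(4));
        // "AA?=" : 18 bits decoded, 16 kept, 2 discarded.
        System.out.println("drop 2: " + wronglyAccepted(2));
    }
}
```

Each character printed is a non-canonical ending: a decoder that accepts it maps more than one encoded string to the same bytes, which matters wherever encoded values are compared, deduplicated or signed as text.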