curl-library
Re: Base64 decoding
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 29 Oct 2013 00:00:08 +0100 (CET)
Date: Tue, 29 Oct 2013 00:00:08 +0100 (CET)
On Mon, 28 Oct 2013, Steve Holme wrote:
> My question is should we be performing validation as we attempt to decode
> the strings, is it safer to do this or is attempting to decode as much as
> possible as we do now the better way to go?
My gut reaction tells me we should reject the entire thing if the input is
deemed malformatted.
So, if it isn't a multiple of 4 characters or if there are more than two '='
as padding the input is just as wrong as if the input contain any illegal
letters.
It does make we wonder if it will hit back on us somewhere if something
somewhere is now relying on our "sloppy" parser...
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2013-10-29