cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Base64 decoding

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 29 Oct 2013 00:00:08 +0100 (CET)

On Mon, 28 Oct 2013, Steve Holme wrote:

> My question is should we be performing validation as we attempt to decode
> the strings, is it safer to do this or is attempting to decode as much as
> possible as we do now the better way to go?

My gut reaction tells me we should reject the entire thing if the input is
deemed malformatted.

So, if it isn't a multiple of 4 characters or if there are more than two '='
as padding the input is just as wrong as if the input contain any illegal
letters.

It does make we wonder if it will hit back on us somewhere if something
somewhere is now relying on our "sloppy" parser...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2013-10-29

This message: [ Message body ]
Next message: Steve Holme: "RE: Base64 decoding"
Previous message: Steve Holme: "Base64 decoding"
In reply to: Steve Holme: "Base64 decoding"
Next in thread: Steve Holme: "RE: Base64 decoding"
Reply: Steve Holme: "RE: Base64 decoding"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]