Require strict base64 in openssl_decode
Using invalid data in a security-related context makes no sense,
and there's even a test which depends on invalid base64 data failing,
even though it currently fails for the wrong reasons by sheer luck.
Metabolix authored and nikic committed Jul 22, 2016
1 parent 76f6f35 commit f775199
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ext/openssl/openssl.c
Expand Up @@ -6375,7 +6375,7 @@ PHP_FUNCTION(openssl_decrypt)
php_openssl_load_cipher_mode(&mode, cipher_type);

if (!(options & OPENSSL_RAW_DATA)) {
base64_str = php_base64_decode((unsigned char*)data, (int)data_len);
base64_str = php_base64_decode_ex((unsigned char*)data, (int)data_len, 1);
if (!base64_str) {
php_error_docref(NULL, E_WARNING, "Failed to base64 decode the input");
EVP_CIPHER_CTX_free(cipher_ctx);
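Review bot: The switch to php_base64_decode_ex(..., 1) in the !(options & OPENSSL_RAW_DATA) branch changes which inputs openssl_decrypt accepts, but the commit touches only ext/openssl/openssl.c and adds no test that pins the new behaviour. The commit message says an existing test currently fails "for the wrong reasons by sheer luck", so I would add a test that passes malformed base64 without OPENSSL_RAW_DATA and asserts the "Failed to base64 decode the input" warning, and mention the stricter decoding in the upgrade notes, since callers that relied on the lenient decoder will now hit this warning path. Minor: the bare 1 would read better with a short comment saying it is the strict flag.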