[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030923064443.GD10162@brehat.trusted-logic.fr>
Date: Tue, 23 Sep 2003 08:44:43 +0200
From: Erwan David <Erwan.David@...sted-logic.fr>
To: bugtraq@...urityfocus.com
Subject: Re: base64
Le Mon 22/09/2003, "Ilya Teterin" disait
> Consider we decoding data which contains padding character ('=') at the unexpected place. What we should do with such data? The specification of base64 decoding does not tell us what we MUST or even MAY do with such data... So, we can do anything we like to do:
>
> 1. threat padding character as end of the encoded data
> 2. ignore padding character
> 3. decode padding character as well as some other character from
> base64 alphabet
> 4. do something else ;-)
>
> I have tested some popular implementations (such as email clients,
> GNU utilities, RTL and other development's libraries). All items
> (1)-(4) are actually pre
I'll add 5. consider data encoding as broken and return an error. The
base64 specification specifies how to encode. If you get padding character
inside data, it's no more base64 encoded data.
--
Erwan David
==========================================================
Trusted Logic Tel: +33 1 30 97 25 03
5 rue du Bailliage Std: +33 1 30 97 25 00
78000 Versailles Fax: +33 1 30 97 25 19
France
Powered by blists - more mailing lists