diff options
author | Steve Holme <steve_holme@hotmail.com> | 2013-10-30 07:31:22 +0000 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2013-10-30 07:31:22 +0000 |
commit | e17c1b25bc33ebcbb4e11ecbad63188ccaa0c3bd (patch) | |
tree | 436b382666972b1c8b94427efde9890ada09869c /tests/unit | |
parent | 7d1eb66cd72879bd909188d9e7c3cf05f13017b3 (diff) |
base64: Added basic validation to base64 input string when decoding
A base64 string should be a multiple of 4 characters in length, not
contain any more than 2 padding characters and only contain padding
characters at the end of string. For example: Y3VybA==
Strings such as the following are considered invalid:
Y= - Invalid length
Y== - Invalid length
Y=== - More than two padding characters
Y=x= - Padding character contained within string
Diffstat (limited to 'tests/unit')
-rw-r--r-- | tests/unit/unit1302.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/tests/unit/unit1302.c b/tests/unit/unit1302.c index fc50c8865..b5688f047 100644 --- a/tests/unit/unit1302.c +++ b/tests/unit/unit1302.c @@ -104,11 +104,27 @@ fail_unless(size == 1, "size should be 1"); verify_memory(decoded, "i", 2); Curl_safefree(decoded); -/* this is an illegal input */ +/* This is illegal input as the data is too short */ size = 1; /* not zero */ decoded = &anychar; /* not NULL */ rc = Curl_base64_decode("aQ", &decoded, &size); -/* return code indiferent, but output shall be as follows */ +fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING"); +fail_unless(size == 0, "size should be 0"); +fail_if(decoded, "returned pointer should be NULL"); + +/* This is illegal input as it contains three padding characters */ +size = 1; /* not zero */ +decoded = &anychar; /* not NULL */ +rc = Curl_base64_decode("a===", &decoded, &size); +fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING"); +fail_unless(size == 0, "size should be 0"); +fail_if(decoded, "returned pointer should be NULL"); + +/* This is illegal input as it contains a padding character mid input */ +size = 1; /* not zero */ +decoded = &anychar; /* not NULL */ +rc = Curl_base64_decode("a=Q=", &decoded, &size); +fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING"); fail_unless(size == 0, "size should be 0"); fail_if(decoded, "returned pointer should be NULL"); |