aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2013-10-30 07:31:22 +0000
committerSteve Holme <steve_holme@hotmail.com>2013-10-30 07:31:22 +0000
commite17c1b25bc33ebcbb4e11ecbad63188ccaa0c3bd (patch)
tree436b382666972b1c8b94427efde9890ada09869c /tests
parent7d1eb66cd72879bd909188d9e7c3cf05f13017b3 (diff)
base64: Added basic validation to base64 input string when decoding
A base64 string should be a multiple of 4 characters in length, not contain any more than 2 padding characters and only contain padding characters at the end of string. For example: Y3VybA== Strings such as the following are considered invalid: Y= - Invalid length Y== - Invalid length Y=== - More than two padding characters Y=x= - Padding character contained within string
Diffstat (limited to 'tests')
-rw-r--r--tests/unit/unit1302.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/tests/unit/unit1302.c b/tests/unit/unit1302.c
index fc50c8865..b5688f047 100644
--- a/tests/unit/unit1302.c
+++ b/tests/unit/unit1302.c
@@ -104,11 +104,27 @@ fail_unless(size == 1, "size should be 1");
verify_memory(decoded, "i", 2);
Curl_safefree(decoded);
-/* this is an illegal input */
+/* This is illegal input as the data is too short */
size = 1; /* not zero */
decoded = &anychar; /* not NULL */
rc = Curl_base64_decode("aQ", &decoded, &size);
-/* return code indiferent, but output shall be as follows */
+fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING");
+fail_unless(size == 0, "size should be 0");
+fail_if(decoded, "returned pointer should be NULL");
+
+/* This is illegal input as it contains three padding characters */
+size = 1; /* not zero */
+decoded = &anychar; /* not NULL */
+rc = Curl_base64_decode("a===", &decoded, &size);
+fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING");
+fail_unless(size == 0, "size should be 0");
+fail_if(decoded, "returned pointer should be NULL");
+
+/* This is illegal input as it contains a padding character mid input */
+size = 1; /* not zero */
+decoded = &anychar; /* not NULL */
+rc = Curl_base64_decode("a=Q=", &decoded, &size);
+fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING");
fail_unless(size == 0, "size should be 0");
fail_if(decoded, "returned pointer should be NULL");