base64: Added basic validation to base64 input string when decoding

CURLcode Curl_base64_decode(const char *src,

CURLcode Curl_base64_decode(const char *src,

                            unsigned char **outptr, size_t *outlen)

                            unsigned char **outptr, size_t *outlen)

{

{

  size_t srcLen = 0;

  size_t length = 0;

  size_t length = 0;

  size_t equalsTerm = 0;

  size_t equalsTerm = 0;

  size_t i;

  size_t i;

  *outptr = NULL;

  *outptr = NULL;

  *outlen = 0;

  *outlen = 0;

  srcLen = strlen(src);

  /* Check the length of the input string is valid */

  if(!srcLen || srcLen % 4)

    return CURLE_BAD_CONTENT_ENCODING;

  /* Find the position of any = padding characters */

  while((src[length] != '=') && src[length])

  while((src[length] != '=') && src[length])

    length++;

    length++;

  /* A maximum of two = padding characters is allowed */

  /* A maximum of two = padding characters is allowed */

  if(src[length] == '=') {

  if(src[length] == '=') {

    equalsTerm++;

    equalsTerm++;

    if(src[length+equalsTerm] == '=')

    if(src[length+equalsTerm] == '=')

      equalsTerm++;

      equalsTerm++;

  }

  }

  numQuantums = (length + equalsTerm) / 4;

  /* Don't allocate a buffer if the decoded length is 0 */

  /* Check the = padding characters weren't part way through the input */

  if(numQuantums == 0)

  if(length + equalsTerm != srcLen)

    return CURLE_OK;

    return CURLE_BAD_CONTENT_ENCODING;

  /* Calculate the number of quantums */

  numQuantums = (length + equalsTerm) / 4;

  /* Calculate the size of the decoded string */

  rawlen = (numQuantums * 3) - equalsTerm;

  rawlen = (numQuantums * 3) - equalsTerm;

  /* The buffer must be large enough to make room for the last quantum

  /* The buffer must be large enough to make room for the last quantum

verify_memory(decoded, "i", 2);

verify_memory(decoded, "i", 2);

Curl_safefree(decoded);

Curl_safefree(decoded);

/* this is an illegal input */

/* This is illegal input as the data is too short */

size = 1; /* not zero */

size = 1; /* not zero */

decoded = &anychar; /* not NULL */

decoded = &anychar; /* not NULL */

rc = Curl_base64_decode("aQ", &decoded, &size);

rc = Curl_base64_decode("aQ", &decoded, &size);

/* return code indiferent, but output shall be as follows */

fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING");

fail_unless(size == 0, "size should be 0");

fail_if(decoded, "returned pointer should be NULL");

/* This is illegal input as it contains three padding characters */

size = 1; /* not zero */

decoded = &anychar; /* not NULL */

rc = Curl_base64_decode("a===", &decoded, &size);

fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING");

fail_unless(size == 0, "size should be 0");

fail_if(decoded, "returned pointer should be NULL");

/* This is illegal input as it contains a padding character mid input */

size = 1; /* not zero */

decoded = &anychar; /* not NULL */

rc = Curl_base64_decode("a=Q=", &decoded, &size);

fail_unless(rc == CURLE_BAD_CONTENT_ENCODING, "return code should be CURLE_BAD_CONTENT_ENCODING");

fail_unless(size == 0, "size should be 0");

fail_unless(size == 0, "size should be 0");

fail_if(decoded, "returned pointer should be NULL");

fail_if(decoded, "returned pointer should be NULL");