From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <void@tarantool.org>
Received: from smtpng3.m.smailru.net (smtpng3.m.smailru.net [94.100.177.149])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id F14F74765E0
 for <tarantool-patches@dev.tarantool.org>;
 Tue, 22 Dec 2020 11:40:54 +0300 (MSK)
From: Sergey Nikiforov <void@tarantool.org>
Date: Tue, 22 Dec 2020 11:40:35 +0300
Message-Id: <20201222084035.786687-1-void@tarantool.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [Tarantool-patches] [PATCH] base64: Properly ignore invalid
	characters
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
To: tarantool-patches@dev.tarantool.org
Cc: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>

Not all invalid characters were ignored by base64 decoder
causing data corruption and reads beyond decode table
(faults under ASAN).

Added corresponding check into base64 unit test.

Fixes: #5627
---

Issue: https://github.com/tarantool/tarantool/issues/5627
Branch: https://github.com/tarantool/tarantool/tree/void234/gh-5627-fix-base64-invalid-chars-processing-v3 

 test/unit/base64.c      | 21 ++++++++++++++++++++-
 test/unit/base64.result |  5 ++++-
 third_party/base64.c    |  3 ++-
 3 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/test/unit/base64.c b/test/unit/base64.c
index ada497adf..cc74f64d1 100644
--- a/test/unit/base64.c
+++ b/test/unit/base64.c
@@ -58,9 +58,26 @@ base64_nowrap_test(const char *str)
 	base64_test(str, BASE64_NOWRAP, symbols, lengthof(symbols));
 }
 
+static void
+base64_invalid_chars_test(void)
+{
+	plan(1);
+
+	/* Upper bit must be cleared */
+	const char invalid_data[] = { '\x7b', '\x7c', '\x7d', '\x7e' };
+	char outbuf[8];
+
+	/* Invalid chars should be ignored, not decoded into garbage */
+	is(base64_decode(invalid_data, sizeof(invalid_data),
+	                 outbuf, sizeof(outbuf)),
+	   0, "ignoring invalid chars");
+
+	check_plan();
+}
+
 int main(int argc, char *argv[])
 {
-	plan(28);
+	plan(29);
 	header();
 
 	const char *option_tests[] = {
@@ -78,6 +95,8 @@ int main(int argc, char *argv[])
 		base64_nowrap_test(option_tests[i]);
 	}
 
+	base64_invalid_chars_test();
+
 	footer();
 	return check_plan();
 }
diff --git a/test/unit/base64.result b/test/unit/base64.result
index cd1f2b3f6..3bc2c2275 100644
--- a/test/unit/base64.result
+++ b/test/unit/base64.result
@@ -1,4 +1,4 @@
-1..28
+1..29
 	*** main ***
     1..3
     ok 1 - length
@@ -175,4 +175,7 @@ ok 27 - subtests
     ok 3 - decode length ok
     ok 4 - encode/decode
 ok 28 - subtests
+    1..1
+    ok 1 - ignoring invalid chars
+ok 29 - subtests
 	*** main: done ***
diff --git a/third_party/base64.c b/third_party/base64.c
index 8ecab23eb..7c69315ea 100644
--- a/third_party/base64.c
+++ b/third_party/base64.c
@@ -222,7 +222,8 @@ base64_decode_value(int value)
 		32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43,
 		44, 45, 46, 47, 48, 49, 50, 51
 	};
-	static const int decoding_size = sizeof(decoding);
+	static const int decoding_size =
+		sizeof(decoding) / sizeof(decoding[0]);
 	int codepos = value;
 	codepos -= 43;
 	if (codepos < 0 || codepos >= decoding_size)
-- 
2.25.1