From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 8156321C76 for ; Thu, 26 Apr 2018 11:46:43 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 86e3TCzq8TBT for ; Thu, 26 Apr 2018 11:46:43 -0400 (EDT) Received: from smtp37.i.mail.ru (smtp37.i.mail.ru [94.100.177.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id BF5C921B4E for ; Thu, 26 Apr 2018 11:46:42 -0400 (EDT) From: Vladislav Shpilevoy Subject: [tarantool-patches] [PATCH 1/1] digest: fix error in base64 encode options Date: Thu, 26 Apr 2018 18:46:38 +0300 Message-Id: <9915797daad3058256ffa4f9d42516d1fc35838b.1524757561.git.v.shpilevoy@tarantool.org> Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-subscribe: List-owner: List-post: List-archive: To: tarantool-patches@freelists.org Cc: kostja@tarantool.org Any option of base64 leads to urlsafe encoding. It is wrong, and caused by incorrect flag checking. Fix it. Closes #3358 --- Issue: https://github.com/tarantool/tarantool/issues/3358 Branch: https://github.com/tarantool/tarantool/tree/gh-3358-digest-bug test/app/digest.result | 18 ++++++++++++++++++ test/app/digest.test.lua | 9 +++++++++ third_party/base64.c | 2 +- 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/test/app/digest.result b/test/app/digest.result index 1a86bcaff..bf1815136 100644 --- a/test/app/digest.result +++ b/test/app/digest.result @@ -506,6 +506,24 @@ digest.base64_decode(b) --- - aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ... +-- +-- gh-3358: any option makes base64 work like urlsafe. +-- +s = digest.base64_encode('?>>>', {nowrap = true}) +--- +... +-- Check for '+' - it is not urlsafe. +s:find('+') ~= nil +--- +- true +... +s = digest.base64_encode('?>>>', {nopad = true}) +--- +... +s:find('+') ~= nil +--- +- true +... digest.pbkdf2("password", "salt", 4096, 32) --- - !!binary xeR41ZKIyEGqUw22hFxMjZYok6ABzk4RpJY4c6qYE0o= diff --git a/test/app/digest.test.lua b/test/app/digest.test.lua index 76e71fe2d..3134efc92 100644 --- a/test/app/digest.test.lua +++ b/test/app/digest.test.lua @@ -161,6 +161,15 @@ b = digest.base64_encode(string.rep('a', 100), { nowrap = true }) b digest.base64_decode(b) +-- +-- gh-3358: any option makes base64 work like urlsafe. +-- +s = digest.base64_encode('?>>>', {nowrap = true}) +-- Check for '+' - it is not urlsafe. +s:find('+') ~= nil +s = digest.base64_encode('?>>>', {nopad = true}) +s:find('+') ~= nil + digest.pbkdf2("password", "salt", 4096, 32) digest.pbkdf2_hex("password", "salt", 4096, 32) digest.pbkdf2_hex("password", "salt") diff --git a/third_party/base64.c b/third_party/base64.c index e3bc0b727..8ecab23eb 100644 --- a/third_party/base64.c +++ b/third_party/base64.c @@ -186,7 +186,7 @@ base64_encode(const char *in_bin, int in_len, char *out_base64, int out_len, int options) { const char *encoding; - if ((options & BASE64_URLSAFE) != 0) + if ((options & BASE64_URLSAFE) == BASE64_URLSAFE) encoding = urlsafe_encoding; else encoding = default_encoding; -- 2.15.1 (Apple Git-101)