The base64 did not completely check if there were other characters
after the equals `=` sign. This PR adds some small additional checks.

Closes elastic#6334
spinscale changed the title from "Base64.decode() decoding invalid strings" to "Internal: Made base64 decode parsing to detect more errors" on Jun 24, 2014

spinscale changed the title from "Internal: Made base64 decode parsing to detect more errors" to "Internal: Base64 decode parsing detects more errors" on Jun 24, 2014
I found a bug in the `Base64.decode()` function. It will decode incorrectly formatted base 64 strings. For example, `"user:password"` encodes to `"dXNlcjpwYXNzd29yZA=="`. Both `"dXNlcjpwYXNzd29yZA==123"` and `"dXNlcjpwYXNzd29yZA=5"` decode to "user:password" although neither of them are valid base 64 strings. You can add or replace characters after the first padding character.

I wrote a quick test to show the bug.

I think this line is the culprit.
https://github.com/elasticsearch/elasticsearch/blob/master/src/main/java/org/elasticsearch/common/Base64.java#L1219

It breaks early when it should really throw an `IOException` like the code 8 lines down.
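
The check the report asks for, as an added Java example that is not Elasticsearch's code and not the fix from the PR: a decoder that throws an `IOException` when anything other than `=` follows the first padding character, instead of stopping there. The class name `StrictBase64Demo` and the method `decodeStrict` are hypothetical; the three sample strings are the ones quoted in the report.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Added example, not Elasticsearch code: class and method names are hypothetical.
public class StrictBase64Demo {
    private static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

    // Decodes padded standard Base64; throws where a lenient decoder would stop early.
    static byte[] decodeStrict(String s) throws IOException {
        int firstPad = s.indexOf('=');
        int dataLen = firstPad < 0 ? s.length() : firstPad;
        // Once padding starts, only '=' may follow, up to the end of the input.
        for (int i = dataLen; i < s.length(); i++) {
            if (s.charAt(i) != '=') {
                throw new IOException("data after padding at index " + i);
            }
        }
        if (s.length() % 4 != 0 || s.length() - dataLen > 2) {
            throw new IOException("bad length or padding count");
        }
        byte[] out = new byte[dataLen * 6 / 8];
        int bits = 0, nbits = 0, o = 0;
        for (int i = 0; i < dataLen; i++) {
            int v = ALPHABET.indexOf(s.charAt(i));
            if (v < 0) {
                throw new IOException("invalid character at index " + i);
            }
            bits = (bits << 6) | v;
            nbits += 6;
            if (nbits >= 8) {             // a full byte is available
                nbits -= 8;
                out[o++] = (byte) (bits >> nbits);
                bits &= (1 << nbits) - 1; // keep only the bits not yet emitted
            }
        }
        if (bits != 0) {                  // leftover bits must be zero in a canonical encoding
            throw new IOException("non-zero trailing bits");
        }
        return out;
    }

    public static void main(String[] args) {
        String[] samples = {"dXNlcjpwYXNzd29yZA==", "dXNlcjpwYXNzd29yZA==123", "dXNlcjpwYXNzd29yZA=5"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + new String(decodeStrict(s), StandardCharsets.UTF_8));
            } catch (IOException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```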