Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(base64): Reject too-short encodings #1991

Merged
merged 3 commits into from
Jan 24, 2024
Merged

fix(base64): Reject too-short encodings #1991

merged 3 commits into from
Jan 24, 2024

Conversation

gibson042
Copy link
Contributor

Fixes #1990

Description

Test invalid encodings, and reject input that is too short.

Security Considerations

None known.

Scaling Considerations

n/a

Documentation Considerations

Should this have a CHANGELOG entry?

Testing Considerations

New and improved!

Upgrade Considerations

n/a

@gibson042 gibson042 force-pushed the gh-1990-base64-correctness branch 3 times, most recently from 31e3d79 to b507be4 Compare January 22, 2024 18:49
@kriskowal
Copy link
Member

With this change, do we accept all strings we previously generated? That is, do we generate the appropriate padding in all cases?

@gibson042 gibson042 mentioned this pull request Jan 22, 2024
Open
@gibson042
Copy link
Contributor Author

Yes, the generation code already correctly outputs padding.

@gibson042
Copy link
Contributor Author

@kriskowal This is good without a CHANGELOG.md entry, right?

@kriskowal
Copy link
Member

@kriskowal This is good without a CHANGELOG.md entry, right?

This is fine without a NEWS.md entry (CHANGELOG.md gets generated from commit messages at time of release.)

I prefer (and do not insist) on redundantly capturing messages to upgraders in NEWS.md if the dependant package needs to make some changes to compensate for an upgrade. Like, if a method is deprecated, there should be a recommendation to use a different equivalent behavior (or stop that). Likewise for removal of deprecated methods.

@gibson042 gibson042 merged commit 5b2537c into master Jan 24, 2024
14 checks passed
@gibson042 gibson042 deleted the gh-1990-base64-correctness branch January 24, 2024 20:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kriskowal kriskowal kriskowal approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

jsDecodeBase64 fails to reject short encodings
2 participants
@gibson042 @kriskowal