Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Base64Url does not detect invalid data accurately #91

Closed
gfoidl opened this issue Nov 4, 2019 · 1 comment · Fixed by #95
Closed

Base64Url does not detect invalid data accurately #91

gfoidl opened this issue Nov 4, 2019 · 1 comment · Fixed by #95
Assignees
@gfoidl
Labels
area-base64Url bug Something isn't working
Milestone
v1.0.1

Comments

@gfoidl
Copy link
Owner

gfoidl commented Nov 4, 2019
edited

Fuzzing found (after a few seconds)

  • z\0dYsqEkYYYYYEkYYYYYQYYeQYYeker
  • pppppppÿÿpppÿÿpppppppp_

which are in the SSSE3-range, but it didn't detect invalid data.

crashes.zip
@gfoidl gfoidl added bug Something isn't working area-base64Url labels Nov 4, 2019
@gfoidl gfoidl added this to the v1.0.1 milestone Nov 4, 2019
@gfoidl gfoidl self-assigned this Nov 4, 2019
@gfoidl
Copy link
Owner Author

gfoidl commented Nov 5, 2019
edited

A new 5.5h fuzz revealed similar failures.
Base64_Url_Decode.zip

gfoidl added a commit that referenced this issue Nov 6, 2019
@gfoidl
Tests according to fuzz runs
b8fc807 
Cf. #91
@gfoidl gfoidl mentioned this issue Nov 6, 2019
Merged
@gfoidl gfoidl closed this as completed in #95 Nov 6, 2019
gfoidl added a commit that referenced this issue Nov 6, 2019
@gfoidl
Base64Url invalid data detection (#95)
f3fd694 
* Tests according to fuzz runs

Cf. #91

* Rearranged tests for encode and decode to own fixtures

* Fuzz verification tests

* Fix

* Updated build.sh

* PR Feedback
gfoidl added a commit that referenced this issue Nov 6, 2019
@gfoidl
More tests for status fix (#97)
656ccc8 
* Tests according to fuzz runs

Cf. #91

* Rearranged tests for encode and decode to own fixtures

* Fuzz verification tests

* Tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gfoidl gfoidl

Labels
area-base64Url bug Something isn't working
Projects
None yet
Milestone
v1.0.1
Development

Successfully merging a pull request may close this issue.

Base64Url invalid data detection gfoidl/Base64
1 participant
@gfoidl