Data URIs: don't decodewith invalid length..

2014-08-04 16:51:49 +02:00 · 2014-08-04 16:51:49 +02:00 · 781c9f2a8f
commit 781c9f2a8f
parent 89b4e98a8f
1 changed files with 6 additions and 0 deletions
--- a/src/kits/network/libnetapi/DataRequest.cpp
+++ b/src/kits/network/libnetapi/DataRequest.cpp
@ -89,6 +89,12 @@ BDataRequest::_ProtocolLoop()
 	}

 	if (isBase64) {
+		// Check that the base64 data is properly padded (we process characters
+		// by groups of 4 and there must not be stray chars at the end as
+		// Base64 specifies padding.
+		if (data.Length() & 3)
+			return B_BAD_DATA;
+
 		char* buffer = new char[data.Length() * 3 / 4];
 		payload = buffer;
 			// payload must be a const char* so we can assign data.String() to