Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

base64.b64decode() with validate=True does not raise for a trailing \n #83236

Closed
serhiy-storchaka opened this issue Dec 15, 2019 · 4 comments
Closed

base64.b64decode() with validate=True does not raise for a trailing \n #83236

serhiy-storchaka opened this issue Dec 15, 2019 · 4 comments
Labels
3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

@serhiy-storchaka
Copy link
Member

BPO 39055
Nosy @serhiy-storchaka, @miss-islington
PRs
  • bpo-39055: Reject a trailing \n in base64.b64decode() with validate=True. #17616
  • [3.8] bpo-39055: Reject a trailing \n in base64.b64decode() with validate=True. (GH-17616) #17833
  • [3.7] bpo-39055: Reject a trailing \n in base64.b64decode() with validate=True. (GH-17616) #17834
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2020-01-05.13:33:45.407>
created_at = <Date 2019-12-15.17:21:28.531>
labels = ['3.7', '3.8', 'type-bug', 'library', '3.9']
title = 'base64.b64decode() with validate=True does not raise for a trailing \\n'
updated_at = <Date 2020-01-05.13:33:45.406>
user = 'https://github.com/serhiy-storchaka'

    bugs.python.org fields:

    activity = <Date 2020-01-05.13:33:45.406>
actor = 'serhiy.storchaka'
assignee = 'none'
closed = True
closed_date = <Date 2020-01-05.13:33:45.407>
closer = 'serhiy.storchaka'
components = ['Library (Lib)']
creation = <Date 2019-12-15.17:21:28.531>
creator = 'serhiy.storchaka'
dependencies = []
files = []
hgrepos = []
issue_num = 39055
keywords = ['patch']
message_count = 4.0
messages = ['358438', '359334', '359337', '359340']
nosy_count = 2.0
nosy_names = ['serhiy.storchaka', 'miss-islington']
pr_nums = ['17616', '17833', '17834']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue39055'
versions = ['Python 3.7', 'Python 3.8', 'Python 3.9']
    @serhiy-storchaka
    Copy link
    Member Author

    If validate=True is passed to base64.b64decode(), it should raise a binascii.Error if the input contains any character not from the acceptable alphabet.

    But it does not raise if the input ends with a single \n. It raises if the input ends with a multiple \n or with any other whitespace character. Only a single \n is accepted.

    This is an implementation artifact. A regular exception ending with $ is used to validate an input. But $ matches not only end of string. It matches also an empty string before the trailing \n.

    Similar errors are also occurred in other sites. I'll open separate issues for different cases.

    @serhiy-storchaka serhiy-storchaka added 3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error labels Dec 15, 2019
    @serhiy-storchaka
    Copy link
    Member Author

    New changeset b19c0d7 by Serhiy Storchaka in branch 'master':
    bpo-39055: Reject a trailing \n in base64.b64decode() with validate=True. (GH-17616)
    b19c0d7

    @miss-islington
    Copy link
    Contributor

    New changeset 3bdb2d9 by Miss Islington (bot) in branch '3.7':
    bpo-39055: Reject a trailing \n in base64.b64decode() with validate=True. (GH-17616)
    3bdb2d9

    @miss-islington
    Copy link
    Contributor

    New changeset 34aa3e7 by Miss Islington (bot) in branch '3.8':
    bpo-39055: Reject a trailing \n in base64.b64decode() with validate=True. (GH-17616)
    34aa3e7

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @serhiy-storchaka @miss-islington