author | Paragon Initiative Enterprises <security@paragonie.com> | 2016-06-12 21:06:53 -0400 |
---|---|---|
committer | Paragon Initiative Enterprises <security@paragonie.com> | 2016-06-12 21:06:53 -0400 |
commit | 802a31079090bcfb8dfc88a5704bef3a761a39ec (patch) | |
tree | b3656ab457ed5afa0305c43ef75af15e7834d3b9 /src | |
parent | 83f4c006f9d20db6e5d70a7d01ef125cadebfaec (diff) | |
Handle edge-case reported in #4 v2.0.2
Diffstat (limited to 'src')
-rw-r--r-- | src/Base32.php | 24 | ||||
-rw-r--r-- | src/Base64.php | 31 |
2 files changed, 32 insertions, 23 deletions
diff --git a/src/Base32.php b/src/Base32.php
index c5ee3de..a65c1c7 100644
--- a/src/Base32.php
+++ b/src/Base32.php
@@ -176,24 +176,24 @@ abstract class Base32 implements EncoderInterface
 if ($srcLen === 0) {
 return '';
 }
- if (($srcLen & 7) === 0) {
- for ($j = 0; $j < 7; ++$j) {
- if ($src[$srcLen - 1] === '=') {
- $srcLen--;
- } else {
- break;
+ if ($strictPadding) {
+ if (($srcLen & 7) === 0) {
+ for ($j = 0; $j < 7; ++$j) {
+ if ($src[$srcLen - 1] === '=') {
+ $srcLen--;
+ } else {
+ break;
+ }
 }
 }
- }
- if (($srcLen & 7) === 1) {
- if ($strictPadding) {
+ if (($srcLen & 7) === 1) {
 throw new \RangeException(
 'Incorrect padding'
 );
- } else {
- $src = \rtrim($src, '=');
- $srcLen = Binary::safeStrlen($src);
 }
+ } else {
+ $src = \rtrim($src, '=');
+ $srcLen = Binary::safeStrlen($src);
 }
 $err = 0;
diff --git a/src/Base64.php b/src/Base64.php
index 89289a9..df801cc 100644
--- a/src/Base64.php
+++ b/src/Base64.php
@@ -94,23 +94,29 @@ abstract class Base64 implements EncoderInterface
 if ($srcLen === 0) {
 return '';
 }
- if (($srcLen & 3) === 0) {
- if ($src[$srcLen - 1] === '=') {
- $srcLen--;
+
+ if ($strictPadding) {
+ if (($srcLen & 3) === 0) {
 if ($src[$srcLen - 1] === '=') {
 $srcLen--;
+ if ($src[$srcLen - 1] === '=') {
+ $srcLen--;
+ }
 }
 }
- }
- if (($srcLen & 3) === 1) {
- if ($strictPadding) {
+ if (($srcLen & 3) === 1) {
+ throw new \RangeException(
+ 'Incorrect padding'
+ );
+ }
+ if ($src[$srcLen - 1] === '=') {
 throw new \RangeException(
 'Incorrect padding'
 );
- } else {
- $src = \rtrim($src, '=');
- $srcLen = Binary::safeStrlen($src);
 }
+ } else {
+ $src = \rtrim($src, '=');
+ $srcLen = Binary::safeStrlen($src);
 }
 $err = 0;
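Review bot: In src/Base32.php the strict branch does not get the trailing-`=` check that this commit adds to Base64. When the length is not a multiple of 8 nothing is stripped, so a leftover `=` is handed to the decoding loop instead of being rejected here as incorrect padding. The strip loop also removes up to seven `=` characters, so padded input whose remaining length is 3 or 6 modulo 8 gets past this block; only a remainder of 1 throws. The code after `$err = 0;` lies outside the hunk and may still reject these cases through `$err`, but an explicit `if ($src[$srcLen - 1] === '=') { throw new \RangeException('Incorrect padding'); }` after the length test would keep the two decoders consistent.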
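Review bot: The strict branch in the first src/Base64.php hunk rejects wrong padding but still accepts input with no padding at all, because a length of 2 or 3 modulo 4 whose last character is not `=` passes every check here. The padded and the unpadded spelling of the same data therefore both decode in strict mode, which matters to callers that treat the encoded string as a canonical identifier or compare it before decoding. If that is intended, state it next to the branch, for example `// Strict mode rejects malformed padding only; unpadded input still decodes.` The method's docblock and the rest of its body are outside this hunk.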
@@ -135,9 +141,9 @@ abstract class Base64 implements EncoderInterface
 if ($i < $srcLen) {
 $chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i));
 $c0 = static::decode6Bits($chunk[1]);
- $c1 = static::decode6Bits($chunk[2]);
 if ($i + 2 < $srcLen) {
+ $c1 = static::decode6Bits($chunk[2]);
 $c2 = static::decode6Bits($chunk[3]);
 $dest .= \pack(
 'CC',
@@ -145,12 +151,15 @@ abstract class Base64 implements EncoderInterface
 ((($c1 << 4) | ($c2 >> 2)) & 0xff)
 );
 $err |= ($c0 | $c1 | $c2) >> 8;
- } elseif($i + 1 < $srcLen) {
+ } elseif ($i + 1 < $srcLen) {
+ $c1 = static::decode6Bits($chunk[2]);
 $dest .= \pack(
 'C',
 ((($c0 << 2) | ($c1 >> 4)) & 0xff)
 );
 $err |= ($c0 | $c1) >> 8;
+ } elseif ($i < $srcLen && $strictPadding) {
+ $err |= 1;
 }
 }
 if ($err !== 0) { |
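Review bot: The added `} elseif ($i < $srcLen && $strictPadding) {` branch in the last Base64 hunk looks unreachable in strict mode and does nothing otherwise, so when `$strictPadding` is false a lone trailing character is dropped without setting `$err`. It sits inside `if ($i < $srcLen)`, so the first operand is always true, and the strict path in the first Base64 hunk already throws when the length is 1 modulo 4, assuming the main loop outside this hunk consumes four characters per pass. In that case `$c0` is decoded but never folded into `$err`, so the leftover character is not checked against the alphabet either. One character carries six bits and cannot encode a byte, so unless accepting it is deliberate the branch could be `} else { $err |= 1; }`; if it is deliberate, a comment should say that truncated input is tolerated in non-strict mode.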