base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)

This added check is actually for NOT failing in NON-strict mode. The ch == -2 check later causes the desired failure in strict mode.
2026-03-31 12:42:29 +02:00 · 2016-05-25 21:02:41 +03:00
parent fbc74bb5f9
commit 260c07db85
2 changed files with 17 additions and 1 deletions
--- a/ext/standard/base64.c
+++ b/ext/standard/base64.c
@@ -143,7 +143,12 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length
 	result = zend_string_alloc(length, 0);

 	/* run through the whole string, converting as we go */
-	while (length-- > 0 && (ch = *current++) != '\0') {
+	while (length-- > 0) {
+		ch = *current++;
+		/* stop on null byte in non-strict mode (FIXME: is this really desired?) */
+		if (ch == 0 && !strict) {
+			break;
+		}
 		if (ch == base64_pad) {
 			/* fail if the padding character is second in a group (like V===) */
 			/* FIXME: why do we still allow invalid padding in other places in the middle of the string? */
--- a/ext/standard/tests/strings/bug72152.phpt
+++ b/ext/standard/tests/strings/bug72152.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #72152 (base64_decode $strict fails to detect null byte)
+--FILE--
+<?php
+var_dump(base64_decode("\x00", true));
+var_dump(base64_decode("\x00VVVV", true));
+var_dump(base64_decode("VVVV\x00", true));
+--EXPECT--
+bool(false)
+bool(false)
+bool(false)