Bug #6280
closedOptimization #7065: base64: move the decoder to rust
base64: strict mode should only accept strings that can be reliably converted back
Description
A string such as D=aB is invalid and should be rejected by the parser.
More strings that should be rejected from the conversation on https://github.com/OISF/suricata/pull/11195 thanks to catenacyber ====
@X===D=
Updated by Shivani Bhardwaj 10 months ago
- Target version changed from TBD to 8.0.0-beta1
This needs a decision. Our parser would accept such a string in all modes as the string does not have any non base64 alphabet. On popular base64 decoders as well such a string is accepted but it is rejected by some parsers like Python's base64 library as it is incorrect to have padding bytes in the middle of a string.
Updated by Shivani Bhardwaj 10 months ago
@Philippe Antoine what do you think about this issue?
Updated by Philippe Antoine 10 months ago
Should be rejected in strict mode, not in others if it is accepted by popular base64 decoders
Updated by Shivani Bhardwaj 9 months ago ยท Edited
- Status changed from Assigned to In Review
Closed by: https://github.com/OISF/suricata/pull/11802
Updated by Shivani Bhardwaj 9 months ago
- Subject changed from base64: don't accept = in the middle of a string to base64: strict mode should only accept strings that can be reliably converted back
Updated by Shivani Bhardwaj 9 months ago
- Related to Task #7058: fuzz/base64: check decoded strings for correctness in strict mode added
Updated by Shivani Bhardwaj 5 months ago
- Status changed from In Review to Closed