util-base64: strict mode - all characters must be valid

Introduce a strict mode to base64 decode. If strict,
the function will fail when invalid input data is seen.
If not strict, what has been decoded will be returned.

This is in support of adding a Snort compatible base64_decode
rule option that uses whatever data can be decoded as a length
of data to decode is optional.

diff --git a/src/util-base64.c b/src/util-base64.c
index f4b508a0199bf43911db9e9626e4cb301330896f..45fdc01ab4a042d62141cf30fe402b219260a96d 100644 (file)
--- a/src/util-base64.c
+++ b/src/util-base64.c
@@ -83,10 +83,13 @@ static inline void DecodeBase64Block(uint8_t ascii[ASCII_BLOCK], uint8_t b64[B64
  * \param dest The destination byte buffer
  * \param src The source string
  * \param len The length of the source string
+ * \param strict If set file on invalid byte, otherwise return what has been
+ *    decoded.
  *
  * \return Number of bytes decoded, or 0 if no data is decoded or it fails
  */
-uint32_t DecodeBase64(uint8_t *dest, const uint8_t *src, uint32_t len) {
+uint32_t DecodeBase64(uint8_t *dest, const uint8_t *src, uint32_t len,
+    int strict) {
 
     int val;
     uint32_t padding = 0, numDecoded = 0, bbidx = 0, valid = 1, i;
@@ -103,7 +106,9 @@ uint32_t DecodeBase64(uint8_t *dest, const uint8_t *src, uint32_t len) {
             /* Invalid character found, so decoding fails */
             if (src[i] != '=') {
                 valid = 0;
-                numDecoded = 0;
+                if (strict) {
+                    numDecoded = 0;
+                }
                 break;
             }
             padding++;

diff --git a/src/util-base64.h b/src/util-base64.h
index fb1a90a3b577dcb76963d08c287e17fbcd122165..7c8bed626261054a0d54ef07e4567b9d89d05a75 100644 (file)
--- a/src/util-base64.h
+++ b/src/util-base64.h
@@ -49,6 +49,7 @@
 #define B64_BLOCK           4
 
 /* Function prototypes */
-uint32_t DecodeBase64(uint8_t *dest, const uint8_t *src, uint32_t len);
+uint32_t DecodeBase64(uint8_t *dest, const uint8_t *src, uint32_t len,
+    int strict);
 
 #endif

diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c
index 51d1468e55383ad5d0027b451469a182232a0109..ded4cd6044d4097ff10a1608afadb916b3d2c4e9 100644 (file)
--- a/src/util-decode-mime.c
+++ b/src/util-decode-mime.c
@@ -1227,7 +1227,7 @@ static uint8_t ProcessBase64Remainder(const uint8_t *buf, uint32_t len,
     /* Only decode if divisible by 4 */
     if (state->bvr_len == B64_BLOCK || force) {
         remdec = DecodeBase64(state->data_chunk + state->data_chunk_len,
-                              state->bvremain, state->bvr_len);
+                              state->bvremain, state->bvr_len, 1);
         if (remdec > 0) {
 
             /* Track decoded length */
@@ -1329,7 +1329,7 @@ static int ProcessBase64BodyLine(const uint8_t *buf, uint32_t len,
             SCLogDebug("Decoding: %u", len - rem1 - rem2);
 
             numDecoded = DecodeBase64(state->data_chunk + state->data_chunk_len,
-                    buf + offset, tobuf);
+                    buf + offset, tobuf, 1);
             if (numDecoded > 0) {
 
                 /* Track decoded length */
@@ -2888,7 +2888,7 @@ static int MimeBase64DecodeTest01(void)
     if (dst == NULL)
         return 0;
 
-    ret = DecodeBase64(dst, (const uint8_t *)base64msg, strlen(base64msg));
+    ret = DecodeBase64(dst, (const uint8_t *)base64msg, strlen(base64msg), 1);
 
     if (memcmp(dst, msg, strlen(msg)) == 0) {
         ret = 0;