From: Stefan Eissing Date: Thu, 27 Nov 2025 12:18:09 +0000 (+0100) Subject: curlx_base64_encode: use uint8_t* for input X-Git-Tag: rc-8_18_0-1~126 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbb929112b13643842eb9dbfa060bd83a5b5cf03;p=thirdparty%2Fcurl.git curlx_base64_encode: use uint8_t* for input Change `inputbuff` parameter from `const char *` to `const uint8_t *` to reflect the binary nature of the input bytes. Half the code was casting unsigned char to signed already in calling. Closes #19722 --- diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 1c9f259de4..f6ec668bfd 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -267,7 +267,7 @@ static CURLcode build_message(struct SASL *sasl, struct bufref *msg) char *base64; size_t base64len; - result = curlx_base64_encode((const char *) Curl_bufref_ptr(msg), + result = curlx_base64_encode(Curl_bufref_ptr(msg), Curl_bufref_len(msg), &base64, &base64len); if(!result) Curl_bufref_set(msg, base64, base64len, curl_free); diff --git a/lib/curlx/base64.c b/lib/curlx/base64.c index ef07243dd3..3fcd709d1c 100644 --- a/lib/curlx/base64.c +++ b/lib/curlx/base64.c @@ -66,7 +66,7 @@ static const unsigned char decodetable[] = * @unittest: 1302 */ CURLcode curlx_base64_decode(const char *src, - unsigned char **outptr, size_t *outlen) + uint8_t **outptr, size_t *outlen) { size_t srclen = 0; size_t padding = 0; @@ -170,8 +170,8 @@ bad: } static CURLcode base64_encode(const char *table64, - unsigned char padbyte, - const char *inputbuff, size_t insize, + uint8_t padbyte, + const uint8_t *inputbuff, size_t insize, char **outptr, size_t *outlen) { char *output; @@ -245,7 +245,7 @@ static CURLcode base64_encode(const char *table64, * * @unittest: 1302 */ -CURLcode curlx_base64_encode(const char *inputbuff, size_t insize, +CURLcode curlx_base64_encode(const uint8_t *inputbuff, size_t insize, char **outptr, size_t *outlen) { return base64_encode(Curl_base64encdec, '=', @@ -267,7 +267,7 @@ CURLcode curlx_base64_encode(const char *inputbuff, size_t insize, * * @unittest: 1302 */ -CURLcode curlx_base64url_encode(const char *inputbuff, size_t insize, +CURLcode curlx_base64url_encode(const uint8_t *inputbuff, size_t insize, char **outptr, size_t *outlen) { return base64_encode(base64url, 0, inputbuff, insize, outptr, outlen); diff --git a/lib/curlx/base64.h b/lib/curlx/base64.h index 31cfcb36e7..3c97ecc9fe 100644 --- a/lib/curlx/base64.h +++ b/lib/curlx/base64.h @@ -24,12 +24,12 @@ * ***************************************************************************/ -CURLcode curlx_base64_encode(const char *inputbuff, size_t insize, +CURLcode curlx_base64_encode(const uint8_t *inputbuff, size_t insize, char **outptr, size_t *outlen); -CURLcode curlx_base64url_encode(const char *inputbuff, size_t insize, +CURLcode curlx_base64url_encode(const uint8_t *inputbuff, size_t insize, char **outptr, size_t *outlen); CURLcode curlx_base64_decode(const char *src, - unsigned char **outptr, size_t *outlen); + uint8_t **outptr, size_t *outlen); extern const char Curl_base64encdec[]; diff --git a/lib/http.c b/lib/http.c index 0319be3b65..672183db0e 100644 --- a/lib/http.c +++ b/lib/http.c @@ -367,7 +367,8 @@ static CURLcode http_output_basic(struct Curl_easy *data, bool proxy) if(!out) return CURLE_OUT_OF_MEMORY; - result = curlx_base64_encode(out, strlen(out), &authorization, &size); + result = curlx_base64_encode((uint8_t *)out, strlen(out), + &authorization, &size); if(result) goto fail; diff --git a/lib/http2.c b/lib/http2.c index 4f5f5ea52d..4f49efe768 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -1847,8 +1847,7 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req, return CURLE_FAILED_INIT; } - result = curlx_base64url_encode((const char *)binsettings, binlen, - &base64, &blen); + result = curlx_base64url_encode(binsettings, binlen, &base64, &blen); if(result) { curlx_dyn_free(req); return result; diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index fa375b49bf..8cb6403fdb 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -205,7 +205,7 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) hostname, ntlm, &ntlmmsg); if(!result) { DEBUGASSERT(Curl_bufref_len(&ntlmmsg) != 0); - result = curlx_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), + result = curlx_base64_encode(Curl_bufref_ptr(&ntlmmsg), Curl_bufref_len(&ntlmmsg), &base64, &len); if(!result) { free(*allocuserpwd); @@ -224,7 +224,7 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) result = Curl_auth_create_ntlm_type3_message(data, userp, passwdp, ntlm, &ntlmmsg); if(!result && Curl_bufref_len(&ntlmmsg)) { - result = curlx_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), + result = curlx_base64_encode(Curl_bufref_ptr(&ntlmmsg), Curl_bufref_len(&ntlmmsg), &base64, &len); if(!result) { free(*allocuserpwd); diff --git a/lib/ldap.c b/lib/ldap.c index fa1a4a4d25..7f2af36643 100644 --- a/lib/ldap.c +++ b/lib/ldap.c @@ -626,7 +626,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) curl_strequal(";binary", attr + (attr_len - 7)) ) { /* Binary attribute, encode to base64. */ if(vals[i]->bv_len) { - result = curlx_base64_encode(vals[i]->bv_val, vals[i]->bv_len, + result = curlx_base64_encode((uint8_t *)vals[i]->bv_val, + vals[i]->bv_len, &val_b64, &val_b64_sz); if(result) { ldap_value_free_len(vals); diff --git a/lib/openldap.c b/lib/openldap.c index 41419df21b..806ccb33cc 100644 --- a/lib/openldap.c +++ b/lib/openldap.c @@ -1213,7 +1213,8 @@ static CURLcode oldap_recv(struct Curl_easy *data, int sockindex, char *buf, /* Binary value, encode to base64. */ if(bvals[i].bv_len) - result = curlx_base64_encode(bvals[i].bv_val, bvals[i].bv_len, + result = curlx_base64_encode((uint8_t *)bvals[i].bv_val, + bvals[i].bv_len, &val_b64, &val_b64_sz); if(!result) result = client_write(data, STRCONST(": "), val_b64, val_b64_sz, diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c index c1c0ab2ab2..16045707fd 100644 --- a/lib/vauth/digest.c +++ b/lib/vauth/digest.c @@ -710,7 +710,7 @@ static CURLcode auth_create_digest_http_message( if(result) return result; - result = curlx_base64_encode(cnoncebuf, sizeof(cnoncebuf), + result = curlx_base64_encode((uint8_t *)cnoncebuf, sizeof(cnoncebuf), &cnonce, &cnonce_sz); if(result) return result; diff --git a/lib/vauth/spnego_sspi.c b/lib/vauth/spnego_sspi.c index 9cf554d3b0..b36535557b 100644 --- a/lib/vauth/spnego_sspi.c +++ b/lib/vauth/spnego_sspi.c @@ -301,7 +301,7 @@ CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, char **outptr, size_t *outlen) { /* Base64 encode the already generated response */ - CURLcode result = curlx_base64_encode((const char *)nego->output_token, + CURLcode result = curlx_base64_encode(nego->output_token, nego->output_token_length, outptr, outlen); if(!result && (!*outptr || !*outlen)) { diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c index 1c9fe5ac01..e4ceda8c34 100644 --- a/lib/vssh/libssh2.c +++ b/lib/vssh/libssh2.c @@ -602,7 +602,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data, /* The length of fingerprint is 32 bytes for SHA256. * See libssh2_hostkey_hash documentation. */ - if(curlx_base64_encode(fingerprint, 32, &fingerprint_b64, + if(curlx_base64_encode((const uint8_t *)fingerprint, 32, &fingerprint_b64, &fingerprint_b64_len) != CURLE_OK) { myssh_state(data, sshc, SSH_SESSION_FREE); return CURLE_PEER_FAILED_VERIFICATION; diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 2f526479c5..7ff5698e7c 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -4132,7 +4132,7 @@ static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl, int rv = 1; # ifndef HAVE_BORINGSSL_LIKE char *inner = NULL; - unsigned char *rcs = NULL; + uint8_t *rcs = NULL; char *outer = NULL; # else const char *inner = NULL; @@ -4156,7 +4156,7 @@ static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl, char *b64str = NULL; size_t blen = 0; - result = curlx_base64_encode((const char *)rcs, rcl, &b64str, &blen); + result = curlx_base64_encode(rcs, rcl, &b64str, &blen); if(!result && b64str) { infof(data, "ECH: retry_configs %s", b64str); free(b64str); diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index d116ec91ed..9c76ca7ed3 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -790,7 +790,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, sha256sumdigest, CURL_SHA256_DIGEST_LENGTH); if(!encode) - encode = curlx_base64_encode((char *)sha256sumdigest, + encode = curlx_base64_encode(sha256sumdigest, CURL_SHA256_DIGEST_LENGTH, &cert_hash, &cert_hash_len); Curl_safefree(sha256sumdigest); diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index c8fc8c4add..e622f909e5 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -1816,7 +1816,7 @@ static CURLcode wssl_handshake(struct Curl_cfilter *cf, char *b64str = NULL; size_t blen = 0; - result = curlx_base64_encode((const char *)echConfigs, echConfigsLen, + result = curlx_base64_encode(echConfigs, echConfigsLen, &b64str, &blen); if(!result && b64str) infof(data, "ECH: (not yet) retry_configs %s", b64str); diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c index 96eb512b90..417a5382d8 100644 --- a/lib/vtls/x509asn1.c +++ b/lib/vtls/x509asn1.c @@ -1228,7 +1228,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, curlx_dyn_reset(&out); /* Generate PEM certificate. */ - result = curlx_base64_encode(cert.certificate.beg, + result = curlx_base64_encode((const uint8_t *)cert.certificate.beg, cert.certificate.end - cert.certificate.beg, &certptr, &clen); if(result) diff --git a/lib/ws.c b/lib/ws.c index 36191b2fac..15dc2e9aea 100644 --- a/lib/ws.c +++ b/lib/ws.c @@ -1276,7 +1276,7 @@ CURLcode Curl_ws_request(struct Curl_easy *data, struct dynbuf *req) result = Curl_rand(data, rand, sizeof(rand)); if(result) return result; - result = curlx_base64_encode((char *)rand, sizeof(rand), &randstr, &randlen); + result = curlx_base64_encode(rand, sizeof(rand), &randstr, &randlen); if(result) return result; DEBUGASSERT(randlen < sizeof(keyval)); diff --git a/src/tool_ssls.c b/src/tool_ssls.c index 40e67a8044..2b67be9baa 100644 --- a/src/tool_ssls.c +++ b/src/tool_ssls.c @@ -159,7 +159,7 @@ static CURLcode tool_ssls_exp(CURL *easy, void *userptr, "# This file was generated by libcurl! Edit at your own risk.\n", ctx->fp); - r = curlx_base64_encode((const char *)shmac, shmac_len, &enc, &enc_len); + r = curlx_base64_encode(shmac, shmac_len, &enc, &enc_len); if(r) goto out; r = CURLE_WRITE_ERROR; @@ -168,7 +168,7 @@ static CURLcode tool_ssls_exp(CURL *easy, void *userptr, if(EOF == fputc(':', ctx->fp)) goto out; tool_safefree(enc); - r = curlx_base64_encode((const char *)sdata, sdata_len, &enc, &enc_len); + r = curlx_base64_encode(sdata, sdata_len, &enc, &enc_len); if(r) goto out; r = CURLE_WRITE_ERROR; diff --git a/src/var.c b/src/var.c index 94d79695ac..5cedf1d24a 100644 --- a/src/var.c +++ b/src/var.c @@ -150,7 +150,7 @@ static ParameterError varfunc(char *c, /* content */ if(clen) { char *enc; size_t elen; - CURLcode result = curlx_base64_encode(c, clen, &enc, &elen); + CURLcode result = curlx_base64_encode((uint8_t *)c, clen, &enc, &elen); if(result) { err = PARAM_NO_MEM; break; diff --git a/tests/unit/unit1302.c b/tests/unit/unit1302.c index 2c4404d727..911432a8c8 100644 --- a/tests/unit/unit1302.c +++ b/tests/unit/unit1302.c @@ -133,7 +133,7 @@ static CURLcode test_unit1302(const char *arg) size_t dlen; /* first encode */ - rc = curlx_base64_encode(e->input, e->ilen, &out, &olen); + rc = curlx_base64_encode((const uint8_t *)e->input, e->ilen, &out, &olen); abort_unless(rc == CURLE_OK, "return code should be CURLE_OK"); abort_unless(olen == e->olen, "wrong output size"); if(memcmp(out, e->output, e->olen)) { @@ -166,7 +166,8 @@ static CURLcode test_unit1302(const char *arg) struct etest *e = &url[i]; char *out; size_t olen; - rc = curlx_base64url_encode(e->input, e->ilen, &out, &olen); + rc = curlx_base64url_encode((const uint8_t *)e->input, e->ilen, + &out, &olen); abort_unless(rc == CURLE_OK, "return code should be CURLE_OK"); if(olen != e->olen) { curl_mfprintf(stderr, "Test %u URL encoded output length %zu "