From: Shivani Bhardwaj <shivani@oisf.net>
Date: Tue, 11 Jul 2023 09:12:05 +0000 (+0530)
Subject: util/mime: skip over any invalid char
X-Git-Tag: suricata-6.0.14~47
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cdd6e20fbafadbfbae41ae44d7545eb6a93b7b45;p=thirdparty%2Fsuricata.git

util/mime: skip over any invalid char

Previously, the remainder processing functions special-cased only
spaces as an edge case. Now that util-base64 skips over any invalid
char as per RFC 2045, make sure the edge cases in the MIME processor
are handled the same way.

This completes the work done in e46b033.

Ticket 6135
Ticket 6207

(cherry picked from commit 789353bc1e1aa23d075f16af25df84df00c68682)
---

diff --git a/src/util-base64.c b/src/util-base64.c
index f2abfe4a2e..13a8e1eabb 100644
--- a/src/util-base64.c
+++ b/src/util-base64.c
@@ -62,6 +62,21 @@ static inline int GetBase64Value(uint8_t c)
     return val;
 }
 
+/**
+ * \brief Checks if the given byte is a Base64 alphabet char or the '=' pad char
+ *
+ * \param encoded_byte Byte that needs to be checked
+ *
+ * \return true if GetBase64Value() is non-negative for the byte or it is '=', false otherwise
+ */
+bool IsBase64Alphabet(uint8_t encoded_byte)
+{
+    if (GetBase64Value(encoded_byte) < 0 && encoded_byte != '=') {
+        return false;
+    }
+    return true;
+}
+
 /**
  * \brief Decodes a 4-byte base64-encoded block into a 3-byte ascii-encoded block
  *
diff --git a/src/util-base64.h b/src/util-base64.h
index fdaf9d6fa0..ce490d4658 100644
--- a/src/util-base64.h
+++ b/src/util-base64.h
@@ -95,6 +95,7 @@ typedef enum {
 /* Function prototypes */
 Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src, uint32_t len,
         uint32_t *consumed_bytes, uint32_t *decoded_bytes, Base64Mode mode);
+bool IsBase64Alphabet(uint8_t encoded_byte);
 
 #endif
 
diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c
index d5e2f1c2e5..b6c231b363 100644
--- a/src/util-decode-mime.c
+++ b/src/util-decode-mime.c
@@ -1197,7 +1197,7 @@ static uint32_t ProcessBase64Remainder(
 
     /* Strip spaces in remainder */
     for (uint8_t i = 0; i < state->bvr_len; i++) {
-        if (state->bvremain[i] != ' ') {
+        if (IsBase64Alphabet(state->bvremain[i])) {
             block[cnt++] = state->bvremain[i];
         }
     }
@@ -1205,7 +1205,7 @@ static uint32_t ProcessBase64Remainder(
     /* if we don't have 4 bytes see if we can fill it from `buf` */
     if (buf && len > 0 && cnt != B64_BLOCK) {
         for (uint32_t i = 0; i < len && cnt < B64_BLOCK; i++) {
-            if (buf[i] != ' ') {
+            if (IsBase64Alphabet(buf[i])) {
                 block[cnt++] = buf[i];
             }
             buf_consumed++;
@@ -1289,7 +1289,8 @@ static inline MimeDecRetCode ProcessBase64BodyLineCopyRemainder(
         return MIME_DEC_ERR_DATA;
 
     for (uint32_t i = offset; i < buf_len; i++) {
-        if (buf[i] != ' ') {
+        // Skip any characters outside of the base64 alphabet as per RFC 2045
+        if (IsBase64Alphabet(buf[i])) {
             DEBUG_VALIDATE_BUG_ON(state->bvr_len >= B64_BLOCK);
             if (state->bvr_len >= B64_BLOCK)
                 return MIME_DEC_ERR_DATA;