From: Tal Einat <taleinat+github@gmail.com>
Date: Sun, 10 Jun 2018 07:01:50 +0000 (+0300)
Subject: bpo-33770: improve base64 exception message for encoded inputs of invalid length... 
X-Git-Tag: v3.8.0a1~1601
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1b85c71a2136d3fa6a1da05b27b1fe4e4b8ee45e;p=thirdparty%2FPython%2Fcpython.git

bpo-33770: improve base64 exception message for encoded inputs of invalid length (#7416)
---

diff --git a/Lib/test/test_binascii.py b/Lib/test/test_binascii.py
index 0997d9432bf6..c5fcc1ac1647 100644
--- a/Lib/test/test_binascii.py
+++ b/Lib/test/test_binascii.py
@@ -110,6 +110,34 @@ class BinASCIITest(unittest.TestCase):
         # empty strings. TBD: shouldn't it raise an exception instead ?
         self.assertEqual(binascii.a2b_base64(self.type2test(fillers)), b'')
 
+    def test_base64errors(self):
+        # Test base64 with invalid padding
+        def assertIncorrectPadding(data):
+            with self.assertRaisesRegex(binascii.Error, r'(?i)Incorrect padding'):
+                binascii.a2b_base64(self.type2test(data))
+
+        assertIncorrectPadding(b'ab')
+        assertIncorrectPadding(b'ab=')
+        assertIncorrectPadding(b'abc')
+        assertIncorrectPadding(b'abcdef')
+        assertIncorrectPadding(b'abcdef=')
+        assertIncorrectPadding(b'abcdefg')
+        assertIncorrectPadding(b'a=b=')
+        assertIncorrectPadding(b'a\nb=')
+
+        # Test base64 with invalid number of valid characters (1 mod 4)
+        def assertInvalidLength(data):
+            with self.assertRaisesRegex(binascii.Error, r'(?i)invalid.+length'):
+                binascii.a2b_base64(self.type2test(data))
+
+        assertInvalidLength(b'a')
+        assertInvalidLength(b'a=')
+        assertInvalidLength(b'a==')
+        assertInvalidLength(b'a===')
+        assertInvalidLength(b'a' * 5)
+        assertInvalidLength(b'a' * (4 * 87 + 1))
+        assertInvalidLength(b'A\tB\nC ??DE')  # only 5 valid characters
+
     def test_uu(self):
         MAX_UU = 45
         for backtick in (True, False):
diff --git a/Misc/NEWS.d/next/Library/2018-06-05-11-29-26.bpo-33770.oBhxxw.rst b/Misc/NEWS.d/next/Library/2018-06-05-11-29-26.bpo-33770.oBhxxw.rst
new file mode 100644
index 000000000000..a1529dda1a6d
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-06-05-11-29-26.bpo-33770.oBhxxw.rst
@@ -0,0 +1 @@
+improve base64 exception message for encoded inputs of invalid length
diff --git a/Modules/binascii.c b/Modules/binascii.c
index 59e99282ae35..5667018d6e1b 100644
--- a/Modules/binascii.c
+++ b/Modules/binascii.c
@@ -510,7 +510,18 @@ binascii_a2b_base64_impl(PyObject *module, Py_buffer *data)
     }
 
     if (leftbits != 0) {
-        PyErr_SetString(Error, "Incorrect padding");
+        if (leftbits == 6) {
+            /*
+            ** There is exactly one extra valid, non-padding, base64 character.
+            ** This is an invalid length, as there is no possible input that
+            ** could encoded into such a base64 string.
+            */
+            PyErr_SetString(Error,
+                            "Invalid base64-encoded string: "
+                            "length cannot be 1 more than a multiple of 4");
+        } else {
+            PyErr_SetString(Error, "Incorrect padding");
+        }
         _PyBytesWriter_Dealloc(&writer);
         return NULL;
     }