| author | Lauri Kenttä <lauri.kentta@gmail.com> | 2016-07-11 12:40:01 +0300 |
|---|---|---|
| committer | Nikita Popov <nikic@php.net> | 2016-07-22 18:03:55 +0200 |
| commit | f775199ac70abef4bf7fa29c805d73df09131e21 (patch) | |
| tree | 397d69c95c860308232545cf4c0e33b635654053 | |
| parent | 76f6f3583ce466aa5cf76d3be3deba04e4935f18 (diff) | |
| download | php-git-f775199ac70abef4bf7fa29c805d73df09131e21.tar.gz | |
Require strict base64 in openssl_decode
Using invalid data in a security-related context makes no sense,
and there's even a test which depends on invalid base64 data failing,
even though it currently fails for the wrong reasons by sheer luck.
| -rw-r--r-- | ext/openssl/openssl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index e01d4a50e6..d41ba73291 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -6375,7 +6375,7 @@ PHP_FUNCTION(openssl_decrypt) php_openssl_load_cipher_mode(&mode, cipher_type); if (!(options & OPENSSL_RAW_DATA)) { - base64_str = php_base64_decode((unsigned char*)data, (int)data_len); + base64_str = php_base64_decode_ex((unsigned char*)data, (int)data_len, 1); if (!base64_str) { php_error_docref(NULL, E_WARNING, "Failed to base64 decode the input"); EVP_CIPHER_CTX_free(cipher_ctx); |
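Review bot: No test accompanies the switch to strict decoding in PHP_FUNCTION(openssl_decrypt). The diffstat touches only ext/openssl/openssl.c, while the commit message says an existing test relies on invalid base64 failing and currently does so for the wrong reasons. Add a case that passes invalid base64 without OPENSSL_RAW_DATA and asserts the "Failed to base64 decode the input" warning, so the strict path is pinned directly rather than by accident. Input that the non-strict decoder tolerated will now be rejected at this call, so the behaviour change also deserves an entry in the changelog or upgrade notes. Minor: the bare `1` passed as the third argument to php_base64_decode_ex would read better with a short comment naming it as the strict flag, and the commit subject says openssl_decode although the hunk is in openssl_decrypt.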
