diff options
| -rw-r--r-- | ext/standard/base64.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/ext/standard/base64.c b/ext/standard/base64.c index 352e7ea52c..e8d7f04aa4 100644 --- a/ext/standard/base64.c +++ b/ext/standard/base64.c @@ -145,12 +145,13 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length /* run through the whole string, converting as we go */ while (length-- > 0 && (ch = *current++) != '\0') { if (ch == base64_pad) { + /* fail if the padding character is second in a group (like V===) */ + /* FIXME: why do we still allow invalid padding in other places in the middle of the string? */ if (i % 4 == 1) { - if (length == 0 || *current != '=') { - zend_string_free(result); - return NULL; - } - } else if (length > 0 && *current != '=' && strict) { + zend_string_free(result); + return NULL; + } + if (length > 0 && *current != '=' && strict) { while (--length > 0 && isspace(*++current)) { continue; } |