
Commit 0b0347b

committed
oidc_util_base64_decode: check NULL inputs
test: complete util/base64.c coverage Signed-off-by: Hans Zandbelt <[email protected]>
1 parent 6f9aed1 commit 0b0347b

3 files changed

+29
-6
lines changed

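--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 08/31/2025
 - pass JSON real claims without trailing zeros, use 8 digits precision instead of 6
 - test: complete util/appinfo.c coverage
+- oidc_util_base64_decode: check NULL inputs
+- test: complete util/base64.c coverage
 
 08/27/2025
 - improve Redis (and Metrics) performance on process MPMs by using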

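--- a/src/util/base64.c
+++ b/src/util/base64.c
@@ -82,11 +82,15 @@ int oidc_util_base64url_encode(request_rec *r, char **dst, const char *src, int
 * parse a base64 encoded binary value from the provided string
 */
 char *oidc_util_base64_decode(apr_pool_t *pool, const char *input, char **output, int *output_len) {
-int len = apr_base64_decode_len(input);
-*output = apr_pcalloc(pool, len);
+if ((input == NULL) || (output == NULL) || (output_len == 0))
+return apr_psprintf(pool, "base64-decoding of failed: invalid parameters");
+
+*output = apr_pcalloc(pool, apr_base64_decode_len(input));
 *output_len = apr_base64_decode(*output, input);
+
 if (*output_len <= 0)
 return apr_psprintf(pool, "base64-decoding of \"%s\" failed", input);
+
 return NULL;
 }
 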
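Review bot: The new guard in oidc_util_base64_decode tests the pointer with `output_len == 0`, which works as a null check but reads like a length test next to `*output_len <= 0` a few lines below; `output_len == NULL` would match the other two operands. The error string `"base64-decoding of failed: invalid parameters"` has a stray "of" and takes no format arguments, so `return apr_pstrdup(pool, "base64-decoding failed: invalid parameters");` would be enough. On this early return `*output` and `*output_len` are left untouched, so the header comment should state that the function returns NULL on success and a pool-allocated error string otherwise, and that callers must check the return value before reading either out-parameter.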

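--- a/test/test_util.c
+++ b/test/test_util.c
@@ -49,7 +49,13 @@
 START_TEST(test_util_base64url_encode) {
 int len = -1;
 char *dst = NULL;
-const char *src = "test";
+const char *src = NULL;
+
+len = oidc_util_base64url_encode(oidc_test_request_get(), &dst, NULL, 0, 1);
+ck_assert_ptr_null(dst);
+ck_assert_int_eq(len, -1);
+
+src = "test";
 len = oidc_util_base64url_encode(oidc_test_request_get(), &dst, src, _oidc_strlen(src), 1);
 ck_assert_msg(dst != NULL, "dst value is NULL");
 ck_assert_int_eq(len, 6);
@@ -69,6 +75,16 @@ START_TEST(test_util_base64_decode) {
 const char *input = "dGVzdA==";
 char *output = NULL;
 int len = -1;
+
+rv = oidc_util_base64_decode(oidc_test_pool_get(), NULL, &output, &len);
+ck_assert_ptr_nonnull(rv);
+ck_assert_ptr_null(output);
+ck_assert_int_eq(len, -1);
+
+rv = oidc_util_base64_decode(oidc_test_pool_get(), "\\", &output, &len);
+ck_assert_ptr_nonnull(rv);
+ck_assert_int_eq(len, 0);
+
 rv = oidc_util_base64_decode(oidc_test_pool_get(), input, &output, &len);
 ck_assert_msg(rv == NULL, "return value is not NULL");
 ck_assert_int_eq(len, 4);
@@ -78,12 +94,13 @@ END_TEST
 
 START_TEST(test_util_base64url_decode) {
 int len = -1;
-char *src = "dGVzdA==";
+char *src = "c3ViamVjdHM_X2Q9MQ-Tl5u,";
 char *dst = NULL;
 len = oidc_util_base64url_decode(oidc_test_pool_get(), &dst, src);
 ck_assert_msg(dst != NULL, "dst value is NULL");
-ck_assert_int_eq(len, 4);
-ck_assert_str_eq(dst, "test");
+ck_assert_int_eq(len, 17);
+// TODO: need binary compare
+// ck_assert_str_eq(dst, "subjects?_d=1���");
 }
 END_TEST
 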
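Review bot: In test_util_base64url_decode the content check is dropped: after `src` is switched to the input containing `-`, `_` and `,`, the test asserts only `len == 17` and leaves the comparison as a commented-out `ck_assert_str_eq`, so a decoder that returned 17 wrong bytes would still pass. Because the result is binary, compare it with `ck_assert_mem_eq(dst, expected, 17);` against a `static const unsigned char expected[17]` holding the decoded bytes, and delete the commented-out line, which appears to embed raw non-UTF-8 bytes in the source file. In test_util_base64_decode, which starts above its hunk, only the `input == NULL` operand of the new guard is exercised; calls passing NULL for `output` and for `output_len` would cover the other two.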
