Ignore non-base64url characters during decode

HD Moore · HD Moore · commit 0d1fe377109b · 2015-03-22T16:16:47.000-05:00
diff --git a/lib/rex/text.rb b/lib/rex/text.rb
@@ -1140,14 +1140,18 @@ def self.decode_base64(str)
   # Base64 encoder (URL-safe RFC6920)
   #
   def self.encode_base64url(str, delim='')
-    encode_base64(str, delim).tr('+/', '-_').gsub('=', '')
+    encode_base64(str, delim).
+      tr('+/', '-_').
+      gsub('=', '')
   end
 
   #
-  # Base64 decoder (URL-safe RFC6920)
+  # Base64 decoder (URL-safe RFC6920, ignores invalid characters)
   #
   def self.decode_base64url(str)
-    decode_base64(str.tr('-_', '+/'))
+    decode_base64(
+      str.gsub(/[^a-zA-Z0-9_\-]/, '').
+      tr('-_', '+/'))
   end
 
   #

Original file line number	Diff line number	Diff line change
`@@ -1140,14 +1140,18 @@ def self.decode_base64(str)`
`1140`	`1140`	`# Base64 encoder (URL-safe RFC6920)`
`1141`	`1141`	`#`
`1142`	`1142`	`def self.encode_base64url(str, delim='')`
`1143`		`- encode_base64(str, delim).tr('+/', '-_').gsub('=', '')`
	`1143`	`+ encode_base64(str, delim).`
	`1144`	`+ tr('+/', '-_').`
	`1145`	`+ gsub('=', '')`
`1144`	`1146`	`end`
`1145`	`1147`
`1146`	`1148`	`#`
`1147`		`- # Base64 decoder (URL-safe RFC6920)`
	`1149`	`+ # Base64 decoder (URL-safe RFC6920, ignores invalid characters)`
`1148`	`1150`	`#`
`1149`	`1151`	`def self.decode_base64url(str)`
`1150`		`- decode_base64(str.tr('-_', '+/'))`
	`1152`	`+ decode_base64(`
	`1153`	`+ str.gsub(/[^a-zA-Z0-9_\-]/, '').`
	`1154`	`+ tr('-_', '+/'))`
`1151`	`1155`	`end`
`1152`	`1156`
`1153`	`1157`	`#`