Details
Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: EJBCA 6.11.1
Component/s: None
Labels:
Issue discovered during: Jenkins
Sprint: EJBCA Happy Fun Sprint (6)
Description
I think BC 1.59's base64 decoder contains a bug.
Actually it's not a bug, but a behavioural change in BC where incorrectly padded base64 strings are no longer accepted (results in DecoderException).
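Test which fails with a DecoderException in BC 1.59, but passed in BC 1.58:

    import org.bouncycastle.util.encoders.Base64;
    import org.junit.Test;

    @Test
    public void testDecode() {
        // 14 characters and no '=' padding
        Base64.decode("DAxFSkJDQSBTYW".getBytes());
    }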
The change which caused the bug (the improvement) is in commit ea9172fe8437daa6223b928bfd85b18a6fa93caf.
See history for Base64Encoder.java for a complete list of changes.
Here is the response from David Hook:
Hi Bastian,

Yes, the intention of the changes was to further eliminate any possibility of incorrectly encoded data getting through. There is already at least one certification regime that includes tests around this. If you do come across any incorrect strings that do get through, please let us know.

Just to check - you are referring to the ArrayIndexOutOfBoundsException as it is the cause aren't you? I see a DecoderException here (which is what should happen).

If you have any further questions, please let me know.

Thanks,
David
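An added example (not EJBCA or Bouncy Castle code) for auditing stored Base64 values before moving to a decoder that rejects incorrectly padded input, as described in this issue. It classifies each string by the RFC 4648 padding rule and, for values that only lack padding, shows the padded form. Assumptions: single-line input in the standard alphabet, hypothetical class and method names, and no attempt to reproduce Bouncy Castle's own checks.

```java
import java.util.Base64;

// Added example; class and method names are hypothetical, samples are constructed.
public class Base64PaddingAudit {

    /** Returns "OK", "MISSING_PADDING" or "INVALID" for a single-line Base64 string. */
    static String classify(String s) {
        if (!s.matches("[A-Za-z0-9+/]*={0,2}")) {
            return "INVALID";                 // foreign characters or misplaced '='
        }
        String data = s.replace("=", "");
        int rem = data.length() % 4;
        if (rem == 1) {
            return "INVALID";                 // a lone 6-bit character cannot form a byte
        }
        int expectedPad = (4 - rem) % 4;      // rem 0 -> 0, rem 2 -> 2, rem 3 -> 1
        int actualPad = s.length() - data.length();
        if (actualPad == expectedPad) {
            return "OK";
        }
        return actualPad == 0 ? "MISSING_PADDING" : "INVALID";
    }

    /** Appends the missing '=' characters; call only after classify() returned MISSING_PADDING. */
    static String pad(String s) {
        return s + "==".substring(0, (4 - s.length() % 4) % 4);
    }

    public static void main(String[] args) {
        String[] samples = {
            "DAxFSkJDQSBTYW",      // string from the failing test in this issue
            "DAxFSkJDQSBTYW==",    // same data with padding (constructed)
            "DAxFSkJDQSBTYW=",     // wrong amount of padding (constructed)
            "DAxFSkJDQSBTY",       // impossible length (constructed)
        };
        for (String s : samples) {
            String verdict = classify(s);
            System.out.println(verdict + "  " + s);
            if (verdict.equals("MISSING_PADDING")) {
                // The JDK decoder is used here only to show the decoded length.
                byte[] raw = Base64.getDecoder().decode(pad(s));
                System.out.println("  padded form: " + pad(s) + " (" + raw.length + " bytes)");
            }
        }
    }
}
```

Values reported as MISSING_PADDING are the ones to re-encode at their source, since a strict decoder will reject them as they are stored.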