Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
Nightly Builds
-
None
-
Operating System: All
Platform: All
-
19860
Description
Reading the base64 code after the release I noticed that it isn't actually
RFC2045 compliant. Top of page 25, http://www.ietf.org/rfc/rfc2045.txt -
"Any characters outside of the base64 alphabet are to be ignored in
base64-encoded data."
Instead, the base64 decoder just throws away (some) whitespace. The lookups in
decodeBase64 will return -1 for illegal characters, which isn't checked for and
will be mistakenly incorporated into the data.
I guess the bug seems a little far-fetched, but XML 1.1 already had to expand
their definition of end-of-line to take account of text processing on
mainframes, which would trigger exactly this problem:
http://www.w3.org/TR/xml11/#sec2.11
I've been bitten by this one in the past, bizarrely enough, and was checking the
code to see if I could start using the apache codec instead of one I'd written.