Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
javax.xml.bind.DatatypeConverterImpl#parseBase64Binary has shortcomings that we should address. It does not (as the java docs suggest) throw IllegalArgumentException when the argument contains characters outside the valid base64 value space. Instead it will skip invalid characters in the (7-bit) ASCII range and throw a ArrayIndexOutOfBoundsException on non-ASCII characters.
We should guard against these cases. Maybe by wrapping javax.xml.bind.DatatypeConverterImpl in our own class and doing input validation there.