[issue43086] Excess data is not handled properly in binascii.a2b_base64()
Gregory P. Smith
report at bugs.python.org
Sun Jul 18 20:56:06 EDT 2021
Gregory P. Smith <greg at krypto.org> added the comment:
I've merged Idan's PR adding a strict_mode parameter to a2b_base64. It defaults to False for backwards compatibility.
From a security perspective, it'd be _ideal_ if this were True. But I expect doing that would break a bunch of existing code and tests that have been relying on some of the former leniency behaviors so I recommended the conservative approach of the old-behavior default. It'd be a good thing to change it to True, but disruptive. We need a motivating reason to do that.
As it is a new feature due to the new parameter, this is for 3.11.
Workaround for Pythons without this: do a validity check before calling a2b_base64. I suspect a regex could be constructed for that if you're careful. If you come up with one, please share it here.
----------
components: +Extension Modules
resolution: -> fixed
stage: patch review -> commit review
status: open -> closed
versions: +Python 3.11 -Python 3.10
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue43086>
_______________________________________
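
The validity check suggested as a workaround in the comment above, as an added example (not code from the tracker comment or from CPython): a regex gate in front of `a2b_base64` for Pythons that lack `strict_mode`. The names `STRICT_B64`, `is_strict_base64` and `strict_a2b_base64` are made up here, and the pattern is an assumption about what "valid" should mean (standard alphabet, whole groups of four, correct padding, no whitespace); it is not guaranteed to match the rules `strict_mode` enforces.

```python
import binascii
import re

# Assumed definition of "valid": RFC 4648 standard alphabet, whole groups of
# four characters, then at most one correctly padded tail. The bytes pattern is
# used with fullmatch(), so whitespace, newlines, a leading "=" and anything
# after the padding all fail to match.
STRICT_B64 = re.compile(
    rb"(?:[A-Za-z0-9+/]{4})*"
    rb"(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
)


def is_strict_base64(data: bytes) -> bool:
    """Return True only if data is strictly formed base64 (see STRICT_B64)."""
    return STRICT_B64.fullmatch(data) is not None


def strict_a2b_base64(data: bytes) -> bytes:
    """Validate first, then hand the input to the lenient decoder."""
    if not is_strict_base64(data):
        raise binascii.Error("input is not strictly formed base64")
    return binascii.a2b_base64(data)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the issue.
    samples = [
        b"aGVsbG8=",          # well formed
        b"aGVsbG8=whatever",  # excess data after the padding
        b"aGVsbG8",           # padding missing
        b"aGVs\nbG8=",        # embedded newline
        b"=aGVsbG8=",         # starts with padding
    ]
    for s in samples:
        try:
            print(s, "->", strict_a2b_base64(s))
        except binascii.Error as exc:
            print(s, "-> rejected:", exc)
```

Callers that receive line-wrapped base64 (MIME bodies, PEM) have to strip the line breaks themselves before this check, since the pattern rejects any whitespace.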