[Python-bugs-list] PR#110

Tue, 19 Oct 1999 01:18:45 -0400 (EDT)

This is a multi-part message in MIME format.
--------------7C60C9A4553E11C29CE94EE1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Uhm, I just got a notice that you fixed the problem.  However, looking
at the CVS tree, it looks like you added:
        /* and remove any padding */
        bin_len -= npad;
        if (bin_len < 0)
                bin_len = 0;

This may fix the symptom, but it doesn't fix the underlying problems:

Sets of 4 pad sequences will cause the loss of encoded data, ie:
  'SGVsbG8K'      decoded is 'Hello\n'
  'SGVsbG8K===='  decoded is 'Hello'

Illegal pad sequences can appear anywhere:
  'a=aaa'  decodes to 'h\006', but
  is actually nonsense, according to the
  specification.

Characters >chr(127) are remapped to the lower 127 ASCII set (by masking
with 0x7f) instead of being ignored:
  'aaaa' and 'aaa\xe1' both decode to 'i\246\232',
  but the second form should ignore the '\xe1' and
  raise an Incorrect padding.

The patch included with this message ought to make binascii's base64
decoding routine RFC 2045 compliant.  Please see section 6.8 at
"http://www.faqs.org/rfcs/rfc2045.html" for details on what RFC 2045 is.

The problems that I fixed with binascii are:
 -- Illegal padding now generates an exception.
	(binascii.Error: Invalid pad sequence)

 -- Padding now indicates EOI (as per RFC)
    Previously, padding could be used anywhere
    in input, violating the RFC.

 -- Padding no longer removes characters from
    data string (resulting in lost data/strings
    with negative lengths).

 -- Illegal characters now ignored, instead of 
    possibly being remapped to a valid character.

Base64 decoding should (hopefully!) be RFC 2045 compliant with this
patch!  If you can, let me know any problems you find in the patch.

Here's how to apply the patch in this message:
 1) Go into your Python source directory & go into the Modules/
    directory.
 2) Make sure you have an unmodified Python 1.5.2 binascii.c file.
 3) Type: patch -N binascii.c binascii.patch

Anyway, I just want to say that I love using Python (my favorite
language for 3 years now!).  This is the first time that I've actually
had the chance to help advance an open-source style project, and I hope
that I've done things right.  Thanks!

	Jason Trowbridge
	ratman@nmt.edu
--------------7C60C9A4553E11C29CE94EE1
Content-Type: application/octet-stream;
 name="binascii.patch"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="binascii.patch"

LS0tIG9sZGVyL01vZHVsZXMvYmluYXNjaWkuYwlTYXQgT2N0IDE2IDE4OjQ0OjIxIDE5OTkK
KysrIG5ld2VzdC9Nb2R1bGVzL2JpbmFzY2lpLmMJTW9uIE9jdCAxOCAxNTo1MzoxNCAxOTk5
CkBAIC03NSw2ICs3NSwyMSBAQAogKiogSmFjayBKYW5zZW4sIENXSSwgSnVseSAxOTk1Lgog
Ki8KIAorLyogIENvdXBsZSBvZiBidWcgZml4ZXMgaW4gdGhlIGJpbmFzY2lpX2EyYl9iYXNl
NjQoKToKKyAqICAgIC0tIElsbGVnYWwgcGFkZGluZyBub3cgZ2VuZXJhdGVzIGV4Y2VwdGlv
bnMgCisgKiAgICAtLSBQYWRkaW5nIG5vdyBpbmRpY2F0ZXMgRU9JIChhcyBwZXIgUkZDKQor
ICogICAgLS0gUGFkZGluZyBubyBsb25nZXIgcmVtb3ZlcyBjaGFyYWN0ZXJzIGZyb20KKyAq
ICAgICAgIGRhdGEgc3RyaW5nIChyZXN1bHRpbmcgaW4gbG9zdCBkYXRhL3N0cmluZ3MKKyAq
ICAgICAgIHdpdGggbmVnYXRpdmUgbGVuZ3RocykKKyAqICAgIC0tIElsbGVnYWwgY2hhcmFj
dGVycyBub3cgaWdub3JlZCwgaW5zdGVhZCBvZiAKKyAqICAgICAgIHBvc3NpYmx5IGJlaW5n
IHJlbWFwcGVkIHRvIGEgdmFsaWQgY2hhcmFjdGVyCisgKiAgICAtLSBCYXNlNjQgZGVjb2Rp
bmcgaXMgbm93IFJGQyAyMDQ1IGNvbXBsaWFudCAoaG9wZWZ1bGx5ISkKKyAqCisgKiAgVGhh
bmtzIHRvIEhydm9qZSBOaWtzaWMgdG8gcG9pbnRpbmcgbWUgdG8gYSBtdWNoCisgKiAgbW9y
ZSB1cC10by1kYXRlIFJGQyB0aGFuIEkgd2FzIG9yaWdpbmFsbHkgdXNpbmcuCisgKiAKKyAq
ICAtLUphc29uIFRyb3dicmlkZ2UgKHJhdG1hbkBubXQuZWR1KQorICovCiAKICNpbmNsdWRl
ICJQeXRob24uaCIKIApAQCAtMzI4LDYgKzM0MywzMCBAQAogCXJldHVybiBydjsKIH0KIAor
CitpbnQgYmluYXNjaWlfZmluZF92YWxpZCggY2hhciAqcywgaW50IHNsZW4sIGludCBudW0g
KQoreworCS8qIEZpbmRzICYgcmV0dXJucyB0aGUgKG51bSsxKXRoIAorCSoqIHZhbGlkIGNo
YXJhY3RlciBmb3IgYmFzZTY0LCBvciAtMSBpZiBub25lLiAqLworCisJaW50IHJldCA9IC0x
OworCXVuc2lnbmVkIGNoYXIgYywgYjY0dmFsOworCisJd2hpbGUgKChzbGVuID4gMCkgJiYg
KHJldCA9PSAtMSkpIHsKKwkJYyA9ICpzOworCQliNjR2YWwgPSB0YWJsZV9hMmJfYmFzZTY0
W2MgJiAweDdmXTsKKwkJaWYgKCAoKGMgPD0gMHg3ZikgJiYgKGI2NHZhbCAhPSAodW5zaWdu
ZWQgY2hhciktMSkpICkgeworCQkJaWYgKG51bSA9PSAwKQorCQkJCXJldCA9ICpzOworCQkJ
bnVtLS07CisJCX0KKworCQlzKys7CisJCXNsZW4tLTsKKwl9CisJcmV0dXJuIHJldDsKK30K
Kwogc3RhdGljIGNoYXIgZG9jX2EyYl9iYXNlNjRbXSA9ICIoYXNjaWkpIC0+IGJpbi4gRGVj
b2RlIGEgbGluZSBvZiBiYXNlNjQgZGF0YSI7CiAKIHN0YXRpYyBQeU9iamVjdCAqCkBAIC0z
MzksOSArMzc4LDkgQEAKIAlpbnQgbGVmdGJpdHMgPSAwOwogCXVuc2lnbmVkIGNoYXIgdGhp
c19jaDsKIAl1bnNpZ25lZCBpbnQgbGVmdGNoYXIgPSAwOwotCWludCBucGFkID0gMDsKIAlQ
eU9iamVjdCAqcnY7CiAJaW50IGFzY2lpX2xlbiwgYmluX2xlbjsKKwlpbnQgcXVhZF9wb3Mg
PSAwOwogCQogCWlmICggIVB5QXJnX1BhcnNlVHVwbGUoYXJncywgInQjIiwgJmFzY2lpX2Rh
dGEsICZhc2NpaV9sZW4pICkKIAkJcmV0dXJuIE5VTEw7CkBAIC0zNTMsMzcgKzM5Miw2MCBA
QAogCQlyZXR1cm4gTlVMTDsKIAliaW5fZGF0YSA9ICh1bnNpZ25lZCBjaGFyICopUHlTdHJp
bmdfQXNTdHJpbmcocnYpOwogCWJpbl9sZW4gPSAwOwotCWZvciggOyBhc2NpaV9sZW4gPiAw
IDsgYXNjaWlfbGVuLS0sIGFzY2lpX2RhdGErKyApIHsKLQkJLyogU2tpcCBzb21lIHB1bmN0
dWF0aW9uICovCi0JCXRoaXNfY2ggPSAoKmFzY2lpX2RhdGEgJiAweDdmKTsKLQkJaWYgKCB0
aGlzX2NoID09ICdccicgfHwgdGhpc19jaCA9PSAnXG4nIHx8IHRoaXNfY2ggPT0gJyAnICkK
KworCWZvciggOyBhc2NpaV9sZW4gPiAwOyBhc2NpaV9sZW4tLSwgYXNjaWlfZGF0YSsrKSB7
CisJCXRoaXNfY2ggPSAqYXNjaWlfZGF0YTsKKworCQlpZiAodGhpc19jaCA+IDB4N2YgfHwg
dGhpc19jaCA9PSAnXHInIHx8IHRoaXNfY2ggPT0gJ1xuJyB8fCB0aGlzX2NoID09ICcgJykK
KwkJCWNvbnRpbnVlOworCisJCS8qIENoZWNrIGZvciBwYWQgc2VxdWVuY2VzLgorCQkqKiBJ
bnZhbGlkIHBhZCBzZXF1ZW5jZXMgbmVlZCB0byBnZW5lcmF0ZSBhbiBleGNlcHRpb24uCisJ
CSoqIFZhbGlkIHBhZCBzZXF1ZW5jZXMgaW5kaWNhdGUgdGhlIGVuZCBvZiB0aGUgYmFzZTY0
CisJCSoqIGlucHV0LgorCQkqLworCQlpZiAodGhpc19jaCA9PSBCQVNFNjRfUEFEKSB7ICAv
KiBFeGNlcHRpb24gb24gaW52YWxpZCBwYWQgc2VxdWVuY2VzICovCisJCQlpZiAoIChxdWFk
X3BvcyA8IDIpIHx8ICgocXVhZF9wb3MgPT0gMikgJiYgCisJCQkJCQkJCQkJCQkJCQkoYmlu
YXNjaWlfZmluZF92YWxpZChhc2NpaV9kYXRhLCBhc2NpaV9sZW4sIDEpICE9IEJBU0U2NF9Q
QUQpKSApIHsKKwkJCQlQeUVycl9TZXRTdHJpbmcoRXJyb3IsICJJbnZhbGlkIHBhZCBzZXF1
ZW5jZSIpOworCQkJCVB5X0RFQ1JFRihydik7CisJCQkJcmV0dXJuIE5VTEw7CisKKwkJCX0g
ZWxzZSB7CisJCQkJLyogQSBwYWQgc2VxdWVuY2UgbWVhbnMgbm8gbW9yZSBpbnB1dC4gIFdl
J3ZlIGFscmVhZHkgaW50ZXJwcmV0ZWQKKwkJCQkqKiB0aGUgZGF0YSBmcm9tIHRoZSBxdWFk
IGF0IHRoaXMgcG9pbnQuCisJCQkJKi8KKwkJCQlsZWZ0Yml0cyA9IDA7CisJCQkJYnJlYWs7
CisJCQl9CisJCX0KKworCQl0aGlzX2NoID0gdGFibGVfYTJiX2Jhc2U2NFsqYXNjaWlfZGF0
YV07CisJCWlmICggdGhpc19jaCA9PSAodW5zaWduZWQgY2hhcikgLTEgKQogCQkJY29udGlu
dWU7Ci0JCQotCQlpZiAoIHRoaXNfY2ggPT0gQkFTRTY0X1BBRCApCi0JCQlucGFkKys7Ci0J
CXRoaXNfY2ggPSB0YWJsZV9hMmJfYmFzZTY0WygqYXNjaWlfZGF0YSkgJiAweDdmXTsKLQkJ
aWYgKCB0aGlzX2NoID09ICh1bnNpZ25lZCBjaGFyKSAtMSApIGNvbnRpbnVlOworCiAJCS8q
CiAJCSoqIFNoaWZ0IGl0IGluIG9uIHRoZSBsb3cgZW5kLCBhbmQgc2VlIGlmIHRoZXJlJ3MK
IAkJKiogYSBieXRlIHJlYWR5IGZvciBvdXRwdXQuCiAJCSovCisJCXF1YWRfcG9zID0gKHF1
YWRfcG9zICsgMSkgJiAweDAzOwogCQlsZWZ0Y2hhciA9IChsZWZ0Y2hhciA8PCA2KSB8ICh0
aGlzX2NoKTsKIAkJbGVmdGJpdHMgKz0gNjsKKwogCQlpZiAoIGxlZnRiaXRzID49IDggKSB7
CiAJCQlsZWZ0Yml0cyAtPSA4OwogCQkJKmJpbl9kYXRhKysgPSAobGVmdGNoYXIgPj4gbGVm
dGJpdHMpICYgMHhmZjsKLQkJCWxlZnRjaGFyICY9ICgoMSA8PCBsZWZ0Yml0cykgLSAxKTsK
IAkJCWJpbl9sZW4rKzsKKwkJCWxlZnRjaGFyICY9ICgoMSA8PCBsZWZ0Yml0cykgLSAxKTsK
IAkJfQotCX0KLQkvKiBDaGVjayB0aGF0IG5vIGJpdHMgYXJlIGxlZnQgKi8KLQlpZiAoIGxl
ZnRiaXRzICkgeworIAl9CisKKwlpZiAobGVmdGJpdHMgIT0gMCkgewogCQlQeUVycl9TZXRT
dHJpbmcoRXJyb3IsICJJbmNvcnJlY3QgcGFkZGluZyIpOwogCQlQeV9ERUNSRUYocnYpOwog
CQlyZXR1cm4gTlVMTDsKIAl9Ci0JLyogYW5kIHJlbW92ZSBhbnkgcGFkZGluZyAqLwotCWJp
bl9sZW4gLT0gbnBhZDsKKwogCS8qIGFuZCBzZXQgc3RyaW5nIHNpemUgY29ycmVjdGx5ICov
CiAJX1B5U3RyaW5nX1Jlc2l6ZSgmcnYsIGJpbl9sZW4pOwogCXJldHVybiBydjsK
--------------7C60C9A4553E11C29CE94EE1--