Base32 would decode some invalid Base32 encoded string into arbitrary value
---------------------------------------------------------------------------
Key: CODEC-134
URL: https://issues.apache.org/jira/browse/CODEC-134
Project: Commons Codec
Issue Type: Bug
Affects Versions: 1.6
Environment: All
Reporter: Hanson Char
Example, there is no byte array value that can be encoded into the string
"C5CYMIHWQUUZMKUGZHGEOSJSQDE4L===", but the existing Base32 implementation
would not reject it but decode it into an arbitrary value which if re-encoded
again using the same implementation would result in the string
"C5CYMIHWQUUZMKUGZHGEOSJSQDE4K===".
Instead of blindly decoding the invalid string, the Base32 codec should reject
it (eg by throwing IlleglArgumentException) to avoid security exploitation
(such as tunneling additional information via seemingly valid base 32 strings).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
