#22123: baseXX API strictness ------------------------------+-------------------- Reporter: catalyst | Owner: Type: enhancement | Status: new Priority: Medium | Milestone: Component: Core Tor/Tor | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: #19531 Points: | Reviewer: Sponsor: | ------------------------------+-------------------- We should think about how strict to make decoders for our baseXX APIs. In some situations, it improves security to only have a single canonical encoding for any particular value. We should see where this is true in our code.
== Base16 == * case sensitivity (currently case-insensitive) == Base32 == * case sensitivity (currently case-insensitive -- also the standard default is uppercase and we use lowercase) * padding strictness (currently no padding at all, even with odd lengths?) * trailing bits strictness (in an odd-length decode, there might be leftover bits in the final non-padding character. for a canonical encoding, they should all be zero) == Base64 == * padding strictness * padding `=` characters only at end (currently any padding characters terminate decoding) * correct number of padding characters (currently not checked) * whitespace? (maybe only if explicitly allowed?) currently we allow any whitespace * trailing bits strictness (in an odd-length decode, there might be leftover bits in the final non-padding character. for a canonical encoding, they should all be zero) -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22123> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs