[Libwebsockets] Issue with lws_b64_decode_string in some cases - what's wrong ?

Andy Green andy at warmcat.com
Wed Aug 3 21:26:22 CEST 2016


On Wed, 2016-08-03 at 14:40 +0000, Shmuel Weiss wrote:
> Hi Andy,
>  
> Strange issue with lws_b64_decode_string:
>  
> Look at this Authorization field into an HTTP header “Basic
> QWRtaW46a2xvaWtsb2k=“
>  
> After decrypt using lws_b64_decode_string  I got: ”Admin:kloikloi,”
>  
> This should be ”Admin:kloikloi” without the comma at the end. (you
> can check with https://www.base64decode.org/)
>  
> Can you please check ? (I have compiled the code for arm on BBB
> 32bits using gcc4.9 linaro)
> This problem is not reproducible with all the strings, just in some
> cases I am getting an extra character.
> IN this example, I am getting always this extra character.
>  
> My code:
> myValidateFunc()
> {
>     static char login[64];
>     memset(login,0,sizeof(login));
>     std::string login_field=”QWRtaW46a2xvaWtsb2k=”;
>     int n =
> lws_b64_decode_string(login_field.c_str(),login,sizeof(login));
>     printf(“%s”,login);
>  
> }

You're right, it's a bug.  Ws handshake never hits it because the
lengths are fixed and not one it fails on, and since it's only a
problem in decode, nor does lws other b64 use in proxy auth generation
which uses encode.  So it's been hiding there a while.

I added the worked example from the wikipedia page to the selftest
code, along with the fix here

https://github.com/warmcat/libwebsockets/commit/eaf9087708e41873a26654f
1edef20a9d16c481d

or just update to current master to get it.

-Andy

> I am using v2.0.0-91-gaf0b051 of libwebsockets
>  
> Thanks.
>  
> Sam.
>  
> This mail was sent via Mail-SeCure System.
>  _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> http://libwebsockets.org/mailman/listinfo/libwebsockets



More information about the Libwebsockets mailing list