From e79bc40c0a5312baf4e8c3e33048d50b41b4a2ff Mon Sep 17 00:00:00 2001 From: Lejo1 Date: Wed, 20 May 2020 21:54:52 +0200 Subject: [PATCH] Check for valid base64 before decoding (#9904) --- doc/lua_api.txt | 2 +- src/script/lua_api/l_util.cpp | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/lua_api.txt b/doc/lua_api.txt index 0101bd4cf..bd0cb8acb 100644 --- a/doc/lua_api.txt +++ b/doc/lua_api.txt @@ -5449,7 +5449,7 @@ Misc. * Example: `minetest.rgba(10, 20, 30, 40)`, returns `"#0A141E28"` * `minetest.encode_base64(string)`: returns string encoded in base64 * Encodes a string in base64. -* `minetest.decode_base64(string)`: returns string +* `minetest.decode_base64(string)`: returns string or nil for invalid base64 * Decodes a string encoded in base64. * `minetest.is_protected(pos, name)`: returns boolean * Returning `true` restricts the player `name` from modifying (i.e. digging, diff --git a/src/script/lua_api/l_util.cpp b/src/script/lua_api/l_util.cpp index 28ee39fc8..cd63e20c2 100644 --- a/src/script/lua_api/l_util.cpp +++ b/src/script/lua_api/l_util.cpp @@ -318,9 +318,13 @@ int ModApiUtil::l_decode_base64(lua_State *L) NO_MAP_LOCK_REQUIRED; size_t size; - const char *data = luaL_checklstring(L, 1, &size); + const char *d = luaL_checklstring(L, 1, &size); + const std::string data = std::string(d, size); + + if (!base64_is_valid(data)) + return 0; - std::string out = base64_decode(std::string(data, size)); + std::string out = base64_decode(data); lua_pushlstring(L, out.data(), out.size()); return 1; -- 2.25.1