Reject non-zero padding bits in base64/base32 decoding

gpshead · claude · gpshead · commit 8451e2224940 · 2026-03-22T14:44:56.000-07:00
Add leftchar validation after the main decode loop in a2b_base64
(strict_mode only) and a2b_base32 (always). Fix existing test data
that incidentally had non-zero padding bits to use characters with
zero trailing bits while preserving the same decoded output.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/Lib/test/test_binascii.py b/Lib/test/test_binascii.py
@@ -183,8 +183,8 @@ def assertExcessPadding(*args):
         def assertInvalidLength(*args):
             _assertRegexTemplate(r'(?i)Invalid.+number of data characters', *args)
 
-        assertExcessPadding(b'ab===', b'i')
-        assertExcessPadding(b'ab====', b'i')
+        assertExcessPadding(b'aQ===', b'i')
+        assertExcessPadding(b'aQ====', b'i')
         assertExcessPadding(b'abc==', b'i\xb7')
         assertExcessPadding(b'abc===', b'i\xb7')
         assertExcessPadding(b'abc====', b'i\xb7')
@@ -201,7 +201,7 @@ def assertInvalidLength(*args):
         assertLeadingPadding(b'====abcd', b'i\xb7\x1d')
         assertLeadingPadding(b'=====abcd', b'i\xb7\x1d')
 
-        assertInvalidLength(b'a=b==', b'i')
+        assertInvalidLength(b'a=Q==', b'i')
         assertInvalidLength(b'a=bc=', b'i\xb7')
         assertInvalidLength(b'a=bc==', b'i\xb7')
         assertInvalidLength(b'a=bcd', b'i\xb7\x1d')
@@ -241,17 +241,17 @@ def assertNonBase64Data(data, expected, ignorechars):
             self.assertEqual(binascii.a2b_base64(data, strict_mode=False, ignorechars=b''),
                              expected)
 
-        assertNonBase64Data(b'\nab==', b'i', ignorechars=b'\n')
-        assertNonBase64Data(b'ab:(){:|:&};:==', b'i', ignorechars=b':;(){}|&')
-        assertNonBase64Data(b'a\nb==', b'i', ignorechars=b'\n')
-        assertNonBase64Data(b'a\x00b==', b'i', ignorechars=b'\x00')
-        assertNonBase64Data(b'ab:==', b'i', ignorechars=b':')
-        assertNonBase64Data(b'ab=:=', b'i', ignorechars=b':')
-        assertNonBase64Data(b'ab==:', b'i', ignorechars=b':')
+        assertNonBase64Data(b'\naQ==', b'i', ignorechars=b'\n')
+        assertNonBase64Data(b'aQ:(){:|:&};:==', b'i', ignorechars=b':;(){}|&')
+        assertNonBase64Data(b'a\nQ==', b'i', ignorechars=b'\n')
+        assertNonBase64Data(b'a\x00Q==', b'i', ignorechars=b'\x00')
+        assertNonBase64Data(b'aQ:==', b'i', ignorechars=b':')
+        assertNonBase64Data(b'aQ=:=', b'i', ignorechars=b':')
+        assertNonBase64Data(b'aQ==:', b'i', ignorechars=b':')
         assertNonBase64Data(b'abc=:', b'i\xb7', ignorechars=b':')
-        assertNonBase64Data(b'ab==\n', b'i', ignorechars=b'\n')
-        assertNonBase64Data(b'a\nb==', b'i', ignorechars=bytearray(b'\n'))
-        assertNonBase64Data(b'a\nb==', b'i', ignorechars=memoryview(b'\n'))
+        assertNonBase64Data(b'aQ==\n', b'i', ignorechars=b'\n')
+        assertNonBase64Data(b'a\nQ==', b'i', ignorechars=bytearray(b'\n'))
+        assertNonBase64Data(b'a\nQ==', b'i', ignorechars=memoryview(b'\n'))
 
         # Same cell in the cache: '\r' >> 3 == '\n' >> 3.
         data = self.type2test(b'\r\n')
@@ -335,8 +335,8 @@ def assertInvalidLength(data, strict_mode=True):
                             strict_mode=False)
 
     def test_base64_nonzero_padding_bits(self):
-        # RFC 4648 § 3.5: Implementations MUST reject encoded data if it
-        # contains pad bits that are not zero.
+        # https://datatracker.ietf.org/doc/html/rfc4648.html#section-3.5
+        # Decoders MAY reject encoded data if the pad bits are not zero.
 
         # 2 data chars + "==": last char has 4 padding bits
         # 'A' = 0, 'B' = 1 → 000000 000001 → byte 0x00, leftover 0001 (non-zero)
@@ -766,19 +766,19 @@ def assertInvalidLength(*args):
         assertExcessData(b"ABCDEFG=H")
         assertExcessData(b"432Z====55555555")
 
-        assertExcessData(b"BE======EF", b"\t\x08")
+        assertExcessData(b"BE======EA", b"\t\x08")
         assertExcessData(b"BEEF====C", b"\t\x08Q")
-        assertExcessData(b"BEEFC===AK", b"\t\x08Q\x01")
+        assertExcessData(b"BEEFC===AI", b"\t\x08Q\x01")
         assertExcessData(b"BEEFCAK=E", b"\t\x08Q\x01D")
 
         assertExcessPadding(b"BE=======", b"\t")
         assertExcessPadding(b"BE========", b"\t")
-        assertExcessPadding(b"BEEF=====", b"\t\x08")
-        assertExcessPadding(b"BEEF======", b"\t\x08")
+        assertExcessPadding(b"BEEA=====", b"\t\x08")
+        assertExcessPadding(b"BEEA======", b"\t\x08")
         assertExcessPadding(b"BEEFC====", b"\t\x08Q")
         assertExcessPadding(b"BEEFC=====", b"\t\x08Q")
-        assertExcessPadding(b"BEEFCAK==", b"\t\x08Q\x01")
-        assertExcessPadding(b"BEEFCAK===", b"\t\x08Q\x01")
+        assertExcessPadding(b"BEEFCAI==", b"\t\x08Q\x01")
+        assertExcessPadding(b"BEEFCAI===", b"\t\x08Q\x01")
         assertExcessPadding(b"BEEFCAKE=", b"\t\x08Q\x01D")
         assertExcessPadding(b"BEEFCAKE==", b"\t\x08Q\x01D")
         assertExcessPadding(b"BEEFCAKE===", b"\t\x08Q\x01D")
@@ -818,16 +818,16 @@ def assertInvalidLength(*args):
         assertIncorrectPadding(b"BE===", b"\t")
         assertIncorrectPadding(b"BE====", b"\t")
         assertIncorrectPadding(b"BE=====", b"\t")
-        assertIncorrectPadding(b"BEEF=", b"\t\x08")
-        assertIncorrectPadding(b"BEEF==", b"\t\x08")
-        assertIncorrectPadding(b"BEEF===", b"\t\x08")
+        assertIncorrectPadding(b"BEEA=", b"\t\x08")
+        assertIncorrectPadding(b"BEEA==", b"\t\x08")
+        assertIncorrectPadding(b"BEEA===", b"\t\x08")
         assertIncorrectPadding(b"BEEFC=", b"\t\x08Q")
         assertIncorrectPadding(b"BEEFC==", b"\t\x08Q")
 
-        assertDiscontinuousPadding(b"BE=EF===", b"\t\x08")
-        assertDiscontinuousPadding(b"BE==EF==", b"\t\x08")
+        assertDiscontinuousPadding(b"BE=EA===", b"\t\x08")
+        assertDiscontinuousPadding(b"BE==EA==", b"\t\x08")
         assertDiscontinuousPadding(b"BEEF=C==", b"\t\x08Q")
-        assertDiscontinuousPadding(b"BEEFC=AK", b"\t\x08Q\x01")
+        assertDiscontinuousPadding(b"BEEFC=AI", b"\t\x08Q\x01")
 
         assertInvalidLength(b"A")
         assertInvalidLength(b"ABC")
@@ -847,14 +847,14 @@ def assertInvalidLength(*args):
 
         assertInvalidLength(b"B=E=====", b"\t")
         assertInvalidLength(b"B==E====", b"\t")
-        assertInvalidLength(b"BEE=F===", b"\t\x08")
-        assertInvalidLength(b"BEE==F==", b"\t\x08")
-        assertInvalidLength(b"BEEFCA=K", b"\t\x08Q\x01")
-        assertInvalidLength(b"BEEFCA=====K", b"\t\x08Q\x01")
+        assertInvalidLength(b"BEE=A===", b"\t\x08")
+        assertInvalidLength(b"BEE==A==", b"\t\x08")
+        assertInvalidLength(b"BEEFCA=I", b"\t\x08Q\x01")
+        assertInvalidLength(b"BEEFCA=====I", b"\t\x08Q\x01")
 
     def test_base32_nonzero_padding_bits(self):
-        # RFC 4648 § 3.5: Implementations MUST reject encoded data if it
-        # contains pad bits that are not zero.
+        # https://datatracker.ietf.org/doc/html/rfc4648.html#section-3.5
+        # Decoders MAY reject encoded data if the pad bits are not zero.
 
         # 2 data chars + "======": last char has 2 padding bits
         # 'AB' → 00000 00001 → byte 0x00, leftover 01 (non-zero)
diff --git a/Modules/binascii.c b/Modules/binascii.c
@@ -902,6 +902,16 @@ binascii_a2b_base64_impl(PyObject *module, Py_buffer *data, int strict_mode,
         goto error_end;
     }
 
+    /* https://datatracker.ietf.org/doc/html/rfc4648.html#section-3.5
+     * Decoders MAY reject non-zero padding bits. */
+    if (strict_mode && leftchar != 0) {
+        state = get_binascii_state(module);
+        if (state) {
+            PyErr_SetString(state->Error, "Non-zero padding bits");
+        }
+        goto error_end;
+    }
+
     Py_XDECREF(table_obj);
     return PyBytesWriter_FinishWithPointer(writer, bin_data);
 
@@ -1652,6 +1662,16 @@ binascii_a2b_base32_impl(PyObject *module, Py_buffer *data,
         goto error;
     }
 
+    /* https://datatracker.ietf.org/doc/html/rfc4648.html#section-3.5
+     * Decoders MAY reject non-zero padding bits. */
+    if (leftchar != 0) {
+        state = get_binascii_state(module);
+        if (state) {
+            PyErr_SetString(state->Error, "Non-zero padding bits");
+        }
+        goto error;
+    }
+
     Py_XDECREF(table_obj);
     return PyBytesWriter_FinishWithPointer(writer, bin_data);
 
