[Freeipa-devel] [PATCH] 360 be smarter about decoding certs
Rob Crittenden
rcritten at redhat.com
Fri Jan 29 03:30:13 UTC 2010
John Dennis wrote:
> On 01/28/2010 04:15 PM, Rob Crittenden wrote:
>> Gah, got the description mixed up with the last patch :-(
>>
>> Be a bit smarter about decoding certificates that might be base64
>> encoded. First see if it only contains those characters allowed before
>> trying to decode it. This reduces the number of false positives.
>
> I'm not sure the test is doing what you want or even if it's the right
> test.
>
> The test is saying "If there is one or more characters in the bas64
> alphabet then try and decode. That means just about anything will match,
> which doesn't seem like a very strong test.
>
> Why not just try and decode it and let the decoder decide if it's really
> base64, the decoder has much strong rules about the input, including
> assuring the padding is correct.
>
The reason is I had a binary cert that was correctly decoded by the
base64 encoder. I don't know the why's and wherefores but there it is.
I see what you mean about my regex being a bit weak though, it really
should require that the entire string conform. I'll see what I can do.
rob
More information about the Freeipa-devel
mailing list