-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Buffer.from(str, encoding) silently ignores decoding errors #8569
Comments
@olalonde I think we can use regular expressions to check for the validity of the encoding. |
Well, yeah, the user can do that if it’s necessary (and I’d be curious why it would be necessary), so I’m not sure it’s important to have that extra validation in core. |
@addaleax Sorry I should have been more clear. That's what I meant. On 18-Sep-2016 2:22 AM, "Anna Henningsen" notifications@github.com wrote:
|
Whether this belongs core is subjective. Regex would work but even for base64, it's not as straightforward as it may seem, e.g. the regex that https://github.com/kevva/base64-regex/blob/master/index.js uses: One scenario I had in mind was using |
Real-world base64 frequently has extra whitespace or missing == trailers. History factoid: one of my first contributions was a series of base64 decoder performance improvements, followed a few days later by a set of fix-ups because people complained I made it too strict. :-) |
@olalonde It might help if you could lay out why you think this would be useful to have in Node core. I realize it can be useful, but what advantage would that have over userland alternatives (which, as you point out, exist)? |
Well, the tricky part to validation here is the performance hit. Validating the encoding can be quite expensive if we're expected to do it every time. |
I don’t think we really have to worry about that, anything like this would probably have go into its own API anyway? |
It could be a a |
Perhaps yeah. We could, I suppose, add a new option to |
It's fine to skip whitespace or padding characters — you can always encode such result back to the correct base64, but returning incorrect results as in: var x = Buffer.from("вот зе фак", "base64") // -> <Buffer d8 1e f9 0f 4f>
var y = x.toString('base64') // -> '2B75D08=' instead of throwing error is unreasonable and will lead to data corruption and vulnerabilities. |
@dchest, I just finished https://github.com/ronomon/base64 as a stop-gap until these and other base64 issues are fixed. The decoder will skip whitespace or missing padding characters but it will detect and throw an exception for corrupt or truncated base64 without additional performance penalty. The decoder is also nearly 2x faster when decoding wrapped base64. |
This issue affects also // Node 7.10.0
var x = Buffer.from('a2zza2 even!', 'hex');
var y = x.toString('hex'); // a2
var x = Buffer.from('a2zza2 odd!', 'hex'); // TypeError: Invalid hex string
var y = x.toString('hex');
// Node 8.0.0
var x = Buffer.from('a2zza2 even!', 'hex');
var y = x.toString('hex'); // a2
var x = Buffer.from('a2zza2 odd!', 'hex');
var y = x.toString('hex'); // a2 |
This issue is closed, however, the base64 decoding doesn't just "ignore spaces"... in the referenced documentation. It ignores any invalid character. At the very least there should be a "{strict:true}" option to from() that raises exceptions when you : pass base64 stuff to hex decodings, pass an array to base64 decoding, etc. |
Buffer.from
silently ignores decoding errors.I know this is now the expected behavior but it would be useful, e.g. when writing parsers for strict protocols, to have a
Buffer.safeFrom
which throws on decoding errors. It could also be passed as a parameter, e.g.:Buffer.from(str, [encoding, throwOnError])
.The text was updated successfully, but these errors were encountered: