author | Antoine du Hamel <duhamelantoine1995@gmail.com> | 2022-04-03 01:50:27 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-03 01:50:27 +0300 |
commit | bba82cd9b9c750421b325cc3e51da03b21707e6a (patch) | |
tree | fde548d32dd976d3398c00b098b6114bf427def6 /lib | |
parent | 2dea9ccd8a5e8776b232740fa3fc3af93c335d92 (diff) |
buffer: fix `atob` input validation
Fixes: https://github.com/nodejs/node/issues/42530
PR-URL: https://github.com/nodejs/node/pull/42539
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Akhil Marsonya <akhil.marsonya27@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/buffer.js | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/lib/buffer.js b/lib/buffer.js index 8e29ac1822a..773d56572aa 100644 --- a/lib/buffer.js +++ b/lib/buffer.js @@ -23,8 +23,10 @@ const { Array, + ArrayFrom, ArrayIsArray, ArrayPrototypeForEach, + ArrayPrototypeIncludes, MathFloor, MathMin, MathTrunc, @@ -1230,8 +1232,25 @@ function btoa(input) { return buf.toString('base64'); } -const kBase64Digits = - 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; +// Refs: https://infra.spec.whatwg.org/#forgiving-base64-decode +const kForgivingBase64AllowedChars = [ + // ASCII whitespace + // Refs: https://infra.spec.whatwg.org/#ascii-whitespace + 0x09, 0x0A, 0x0C, 0x0D, 0x20, + + // Uppercase letters + ...ArrayFrom({ length: 26 }, (_, i) => StringPrototypeCharCodeAt('A') + i), + + // Lowercase letters + ...ArrayFrom({ length: 26 }, (_, i) => StringPrototypeCharCodeAt('a') + i), + + // Decimal digits + ...ArrayFrom({ length: 10 }, (_, i) => StringPrototypeCharCodeAt('0') + i), + + 0x2B, // + + 0x2F, // / + 0x3D, // = +]; function atob(input) { // The implementation here has not been performance optimized in any way and @@ -1242,7 +1261,8 @@ function atob(input) { } input = `${input}`; for (let n = 0; n < input.length; n++) { - if (!kBase64Digits.includes(input[n])) + if (!ArrayPrototypeIncludes(kForgivingBase64AllowedChars, + StringPrototypeCharCodeAt(input, n))) throw lazyDOMException('Invalid character', 'InvalidCharacterError'); } return Buffer.from(input, 'base64').toString('latin1'); |
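Review bot: `kForgivingBase64AllowedChars` is a 70-element array that `atob` scans linearly with `ArrayPrototypeIncludes` for every character of a string whose length the caller controls. A set gives a constant-time membership test per character with the same contents: `const kForgivingBase64AllowedChars = new SafeSet([...]);`, checked with `kForgivingBase64AllowedChars.has(StringPrototypeCharCodeAt(input, n))`. This would need `SafeSet` added to the primordials list in the first hunk. The comment inside `atob` says the function is not performance-optimized, so this is low priority.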
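Review bot: The loop in `atob` checks each character against the allow-list but nothing about structure, so inputs that the forgiving-base64 algorithm referenced in the second hunk rejects still pass. Examples are `=` anywhere but the end (`'ab=c'`), more than two padding characters, and a non-whitespace length of 1 modulo 4 (`'a'`). Code that relies on `atob` throwing to reject a malformed token would instead receive whatever `Buffer.from(input, 'base64')` makes of it, which presumably differs from what a browser returns for the same string. The excerpt below counts non-whitespace and padding characters in the same loop and applies the length and padding rules after it. `atob` begins above this hunk and its closing brace lies below it.

```javascript
  input = `${input}`;
  let nonWhitespaceCount = 0;
  let paddingCount = 0;
  for (let n = 0; n < input.length; n++) {
    const code = StringPrototypeCharCodeAt(input, n);
    if (!ArrayPrototypeIncludes(kForgivingBase64AllowedChars, code))
      throw lazyDOMException('Invalid character', 'InvalidCharacterError');
    // ASCII whitespace is removed before the length and padding rules apply.
    if (code === 0x09 || code === 0x0A || code === 0x0C ||
        code === 0x0D || code === 0x20)
      continue;
    nonWhitespaceCount++;
    if (code === 0x3D)
      paddingCount++;
    else if (paddingCount > 0)
      // Data after '=' means the '=' was not trailing padding.
      throw lazyDOMException('Invalid character', 'InvalidCharacterError');
  }
  // '=' is accepted only as one or two trailing characters of an input whose
  // non-whitespace length is a multiple of four; a length of 1 mod 4 is
  // never valid.
  if (paddingCount > 2 ||
      (paddingCount > 0 && nonWhitespaceCount % 4 !== 0) ||
      nonWhitespaceCount % 4 === 1)
    throw lazyDOMException('Invalid character', 'InvalidCharacterError');
  // … unchanged: return Buffer.from(input, 'base64').toString('latin1') …
```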