web/lib/validation.py: add base64-validity check

Base 64 hash shouldn't require more than 2 pad chars to be divided to 4 without leftover.
14 years ago · bb2582c62c
1 changed files with 14 additions and 0 deletions
--- a/web/lib/validation.py
+++ b/web/lib/validation.py
@ -53,6 +53,20 @@ def validate_b64hash(data, check_uniq=True):
				@@ -53,6 +53,20 @@ def validate_b64hash(data, check_uniq=True):
 	# keys with cert may ends with anything, so check is relaxed
 	if length > 516 and re.match(r'[a-zA-Z0-9\-~]+$', data) == None:
 		raise forms.ValidationError('Invalid characters in base64 hash')
+	# base64-validity test
+	if length > 516:
+		# we need temporary variable here to avoid modifying main "data"
+		test_data = data
+		# add pad-characters needed for proper decoding cos i2p does not
+		for i in range(4):
+			quanta, leftover = divmod(len(test_data), 4)
+			if leftover:
+				test_data += '='
+			else:
+				break
+		# if more than 2 pad chars were added, raise an error
+		if i > 2:
+			raise forms.ValidationError('Corrupted base64 hash')
 	# base64-i2p
 	if length == 516 and re.match(r'[a-zA-Z0-9\-~]+AA$', data) == None:
 		raise forms.ValidationError('Invalid base64 hash')