SecurityFocus

base64 Sep 22 2003 12:49PM
"Ilya Teterin" (alienhard mail ru) (5 replies)

Re: base64 Sep 26 2003 08:38PM
Earl Hood (earl earlhood com)

Re: base64 Sep 23 2003 04:50PM
Alexander Ogol (sanyok_nospam prophysoft org ua) (1 replies)

Re: base64 Sep 24 2003 07:09AM
Christian Vogel (chris obelix hedonism cx) (2 replies)

Re: base64 Sep 24 2003 07:01PM
David Wilson (David Wilson isode com)

Re: base64 Sep 24 2003 06:30PM
der Mouse (mouse Rodents Montreal QC CA)

Re: base64 Sep 23 2003 04:18PM
Birl (sbirl temple edu) (1 replies)

Re: base64 Sep 23 2003 06:10PM
Lothar Kimmeringer (bugtraq kimmeringer de) (2 replies)

Re: base64 Sep 24 2003 06:24PM
David Wilson (David Wilson isode com) (2 replies)

Re: base64 Sep 25 2003 07:10AM
Christian Vogel (chris obelix hedonism cx)

Re: base64 Sep 25 2003 12:27AM
Earl Hood (earl earlhood com)

Re: base64 Sep 24 2003 05:01PM
Seth Breidbart (sethb panix com)

> See the corresponding RFC. The number of characters in a base64-coded
> text must be a multiply of 4. So ='s are used if there aren't enough
> characters and are added at the end of the text.
>
> = is not a valid character inside Base64 and an encoder should stop
> with an error or stops decoding.

That depends on the purpose of the decoder.

If your anti-virus decoder stops there, but a virus writer knows that
the decoder used by some popular mail client keeps going, then your
program isn't going to detect his virus.

If you're looking for something that might be hidden, then you need to
decode in _every_ way that _any_ mail client (that you support) does,
lest you have false negatives.

Seth

[ reply ]

Re: base64 Sep 23 2003 06:44AM
Erwan David (Erwan David trusted-logic fr)

Re: base64 Sep 22 2003 04:59PM
Bennett Todd (bet rahul net)