commit 053d6c5ce246e6ba9c046467b02a0b6ba4abb8bf
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Sun Jun 10 14:37:14 2018 -0700
committer Ned Deily <nad@python.org> Sun Jun 10 17:37:14 2018 -0400
tree db7ad69d428e7f6e1353c4d892202554c247c133
parent 2adfeef1853262b207a1993e523f0f3ba708dd9f

bpo-33770: improve base64 exception message for encoded inputs of invalid length (GH-7416) (GH-7602)

(cherry picked from commit 1b85c71a2136d3fa6a1da05b27b1fe4e4b8ee45e)

Co-authored-by: Tal Einat <taleinat+github@gmail.com>

Lib/test/test_binascii.py

diff --git a/Lib/test/test_binascii.py b/Lib/test/test_binascii.py
index 8fa57cd..7418a9ce9 100644
--- a/Lib/test/test_binascii.py
+++ b/Lib/test/test_binascii.py
@@ -110,6 +110,34 @@
         # empty strings. TBD: shouldn't it raise an exception instead ?
         self.assertEqual(binascii.a2b_base64(self.type2test(fillers)), b'')
 
+    def test_base64errors(self):
+        # Test base64 with invalid padding
+        def assertIncorrectPadding(data):
+            with self.assertRaisesRegex(binascii.Error, r'(?i)Incorrect padding'):
+                binascii.a2b_base64(self.type2test(data))
+
+        assertIncorrectPadding(b'ab')
+        assertIncorrectPadding(b'ab=')
+        assertIncorrectPadding(b'abc')
+        assertIncorrectPadding(b'abcdef')
+        assertIncorrectPadding(b'abcdef=')
+        assertIncorrectPadding(b'abcdefg')
+        assertIncorrectPadding(b'a=b=')
+        assertIncorrectPadding(b'a\nb=')
+
+        # Test base64 with invalid number of valid characters (1 mod 4)
+        def assertInvalidLength(data):
+            with self.assertRaisesRegex(binascii.Error, r'(?i)invalid.+length'):
+                binascii.a2b_base64(self.type2test(data))
+
+        assertInvalidLength(b'a')
+        assertInvalidLength(b'a=')
+        assertInvalidLength(b'a==')
+        assertInvalidLength(b'a===')
+        assertInvalidLength(b'a' * 5)
+        assertInvalidLength(b'a' * (4 * 87 + 1))
+        assertInvalidLength(b'A\tB\nC ??DE')  # only 5 valid characters
+
     def test_uu(self):
         MAX_UU = 45
         for backtick in (True, False):

Misc/NEWS.d/next/Library/2018-06-05-11-29-26.bpo-33770.oBhxxw.rst

diff --git a/Misc/NEWS.d/next/Library/2018-06-05-11-29-26.bpo-33770.oBhxxw.rst b/Misc/NEWS.d/next/Library/2018-06-05-11-29-26.bpo-33770.oBhxxw.rst
new file mode 100644
index 0000000..a1529dd
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-06-05-11-29-26.bpo-33770.oBhxxw.rst
@@ -0,0 +1 @@
+improve base64 exception message for encoded inputs of invalid length

Modules/binascii.c

diff --git a/Modules/binascii.c b/Modules/binascii.c
index 1af6b7f..2df80af 100644
--- a/Modules/binascii.c
+++ b/Modules/binascii.c
@@ -510,7 +510,18 @@
     }
 
     if (leftbits != 0) {
-        PyErr_SetString(Error, "Incorrect padding");
+        if (leftbits == 6) {
+            /*
+            ** There is exactly one extra valid, non-padding, base64 character.
+            ** This is an invalid length, as there is no possible input that
+            ** could encoded into such a base64 string.
+            */
+            PyErr_SetString(Error,
+                            "Invalid base64-encoded string: "
+                            "length cannot be 1 more than a multiple of 4");
+        } else {
+            PyErr_SetString(Error, "Incorrect padding");
+        }
         _PyBytesWriter_Dealloc(&writer);
         return NULL;
     }