# HG changeset patch
# User Sebastien Jodogne
# Date 1461858303 -7200
# Node ID e29aea2349b92b44808080f4d813ecddd1f25a21
# Parent ce90d109bb64ab26096fc36bcf8258d17b6fd425
test validity of base64 strings
diff -r ce90d109bb64 -r e29aea2349b9 Core/Toolbox.cpp
--- a/Core/Toolbox.cpp Tue Apr 26 17:40:55 2016 +0200
+++ b/Core/Toolbox.cpp Thu Apr 28 17:45:03 2016 +0200
@@ -582,6 +582,18 @@
 void Toolbox::DecodeBase64(std::string& result, const std::string& data)
 {
+ for (size_t i = 0; i < data.length(); i++)
+ {
+ if (!isalnum(data[i]) &&
+ data[i] != '+' &&
+ data[i] != '/' &&
+ data[i] != '=')
+ {
+ // This is not a valid character for a Base64 string
+ throw OrthancException(ErrorCode_BadFileFormat);
+ }
+ }
+
 result = base64_decode(data);
 }
diff -r ce90d109bb64 -r e29aea2349b9 UnitTestsSources/UnitTestsMain.cpp
--- a/UnitTestsSources/UnitTestsMain.cpp Tue Apr 26 17:40:55 2016 +0200
+++ b/UnitTestsSources/UnitTestsMain.cpp Thu Apr 28 17:45:03 2016 +0200
@@ -364,6 +364,12 @@
 std::string decoded;
 Toolbox::DecodeBase64(decoded, hello);
 ASSERT_EQ("Hello world", decoded);
+
+ // Invalid character
+ ASSERT_THROW(Toolbox::DecodeBase64(decoded, "?"), OrthancException);
+
+ // All the allowed characters
+ Toolbox::DecodeBase64(decoded, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=");
 }
 TEST(Toolbox, PathToExecutable)
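Review bot: The alphabet check added to `Toolbox::DecodeBase64` passes `data[i]`, a plain `char`, straight to `isalnum`, which is undefined for negative values other than EOF; where `char` is signed, any byte above 0x7F in untrusted input triggers undefined behaviour instead of the intended `ErrorCode_BadFileFormat`. `isalnum` is also locale-dependent, so under a non-"C" locale some non-ASCII bytes may be accepted as valid. Explicit ASCII ranges avoid both problems: `const char c = data[i];` followed by `if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '='))`. The loop validates characters only, not structure, so a `=` in the middle of the string or a length that is not a multiple of four still reaches `base64_decode`, whose handling of such input is not visible in this hunk. A one-line comment stating whether whitespace (line-wrapped Base64) is rejected on purpose would also help callers.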
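Review bot: The "All the allowed characters" call in the Toolbox test asserts nothing about `decoded`, and its 65-character input ending in a single `=` is not well-formed Base64, so the test pins acceptance of a malformed string rather than a decoding result. Wrapping it in `ASSERT_NO_THROW(...)` would at least make the intent explicit. The only rejected input covered is `"?"`; a case with a byte above 0x7F, such as `ASSERT_THROW(Toolbox::DecodeBase64(decoded, "\xe9"), OrthancException);`, plus one with embedded whitespace would exercise the `isalnum`-based check in `Core/Toolbox.cpp` on the inputs most likely to misbehave. The enclosing TEST body starts outside the hunk.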