From 64a3b045c12c3e0fa98f5967ceb38378eaf70e2d Mon Sep 17 00:00:00 2001
From: Alexey Novikov <alexey@novikov.io>
Date: Sun, 17 Oct 2021 11:51:33 +0400
Subject: [PATCH] Fix error detection in 'base64Decode()'

Fixed a bug in initialization of 'base64DecodeChars' variable.
Currently decoder do not fail on invalid Base64 strings.
Added test-case to verify the fix.

Also have made 'base64DecodeChars' to be computed at compile time.
And added a test case to encode/decode string with non-printable charactes.
---
 src/libutil/tests/tests.cc | 17 +++++++++++++++++
 src/libutil/util.cc        | 18 ++++++++++--------
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/src/libutil/tests/tests.cc b/src/libutil/tests/tests.cc
index 58df9c5ac..92972ed14 100644
--- a/src/libutil/tests/tests.cc
+++ b/src/libutil/tests/tests.cc
@@ -4,6 +4,8 @@
 #include <limits.h>
 #include <gtest/gtest.h>
 
+#include <numeric>
+
 namespace nix {
 
 /* ----------- tests for util.hh ------------------------------------------------*/
@@ -282,6 +284,17 @@ namespace nix {
         ASSERT_EQ(decoded, s);
     }
 
+    TEST(base64Encode, encodeAndDecodeNonPrintable) {
+        char s[256];
+        std::iota(std::rbegin(s), std::rend(s), 0);
+
+        auto encoded = base64Encode(s);
+        auto decoded = base64Decode(encoded);
+
+        EXPECT_EQ(decoded.length(), 255);
+        ASSERT_EQ(decoded, s);
+    }
+
     /* ----------------------------------------------------------------------------
      * base64Decode
      * --------------------------------------------------------------------------*/
@@ -294,6 +307,10 @@ namespace nix {
         ASSERT_EQ(base64Decode("cXVvZCBlcmF0IGRlbW9uc3RyYW5kdW0="), "quod erat demonstrandum");
     }
 
+    TEST(base64Decode, decodeThrowsOnInvalidChar) {
+        ASSERT_THROW(base64Decode("cXVvZCBlcm_0IGRlbW9uc3RyYW5kdW0="), Error);
+    }
+
     /* ----------------------------------------------------------------------------
      * toLower
      * --------------------------------------------------------------------------*/
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index 563a72c12..a7b3b879a 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -1436,8 +1436,7 @@ std::string filterANSIEscapes(const std::string & s, bool filterAll, unsigned in
 }
 
 
-static char base64Chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-static std::array<char, 256> base64DecodeChars;
+constexpr char base64Chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 
 string base64Encode(std::string_view s)
 {
@@ -1462,12 +1461,15 @@ string base64Encode(std::string_view s)
 
 string base64Decode(std::string_view s)
 {
-    static std::once_flag flag;
-    std::call_once(flag, [](){
-        base64DecodeChars = { (char)-1 };
+    constexpr char npos = -1;
+    constexpr std::array<char, 256> base64DecodeChars = [&]() {
+        std::array<char, 256>  result{};
+        for (auto& c : result)
+            c = npos;
         for (int i = 0; i < 64; i++)
-            base64DecodeChars[(int) base64Chars[i]] = i;
-    });
+            result[base64Chars[i]] = i;
+        return result;
+    }();
 
     string res;
     unsigned int d = 0, bits = 0;
@@ -1477,7 +1479,7 @@ string base64Decode(std::string_view s)
         if (c == '\n') continue;
 
         char digit = base64DecodeChars[(unsigned char) c];
-        if (digit == -1)
+        if (digit == npos)
             throw Error("invalid character in Base64 string: '%c'", c);
 
         bits += 6;