base64: accept zero length argument to base64_encode

We used to treat 0 as "call strlen() to get the length" for curlx_base64_encode, but it turns out this is rather fragile as we easily do the mistake of passing in zero when the data is actually not there and then calling strlen() is wrong. Force the caller to pass in the correct size. A zero length input string now returns a zero length output and a NULL pointer. Closes #18617
2026-04-11 12:01:42 +08:00 · 2025-09-19 13:47:16 +02:00 · 2025-09-19 13:47:16 +02:00 · 5e2d4d7905
commit 5e2d4d7905
parent a0369e1705
2 changed files with 2 additions and 4 deletions
--- a/lib/curlx/base64.c
+++ b/lib/curlx/base64.c
@ -182,7 +182,7 @@ static CURLcode base64_encode(const char *table64,
  *outlen = 0;

  if(!insize)
-    insize = strlen(inputbuff);
+    return CURLE_OK;

 #if SIZEOF_SIZE_T == 4
  if(insize > UINT_MAX/4)
@ -240,8 +240,6 @@ static CURLcode base64_encode(const char *table64,
 * encoded data. Size of encoded data is returned in variable pointed by
 * outlen.
 *
- * Input length of 0 indicates input buffer holds a null-terminated string.
- *
 * Returns CURLE_OK on success, otherwise specific error code. Function
 * output shall not be considered valid unless CURLE_OK is returned.
 *
--- a/tests/unit/unit1302.c
+++ b/tests/unit/unit1302.c
@ -172,7 +172,7 @@ static CURLcode test_unit1302(const char *arg)
      fprintf(stderr, "Test %u URL encoded output length %d instead of %d\n",
              i, (int)olen, (int)e->olen);
    }
-    if(memcmp(out, e->output, e->olen)) {
+    if(out && memcmp(out, e->output, e->olen)) {
      fprintf(stderr, "Test %u URL encoded badly. Got '%s', expected '%s'\n",
              i, out, e->output);
      unitfail++;