base64.b64decode: always set validate=True

Notably verifymessage and decrypt(message) were silently ignoring trailing garbage
or inserted non-base64 characters present in signatures/ciphertext.
(both the CLI commands and in the GUI)
I think it is much cleaner and preferable to treat such signatures/ciphertext as invalid.

In fact I find it surprising that base64.b64decode(validate=False) is the default.
Perhaps we should create a helper function for it that sets validate=True and use that.
SomberNight
2025-06-03 17:50:43 +00:00
parent cae71222d2
commit 3e4601c61d
13 changed files with 43 additions and 15 deletions
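
The behaviour the commit message describes, as an added example (not code from this commit or from the project): the default decoder accepts several different strings for the same bytes, while `validate=True` accepts only the canonical one. The helper names and the sample strings are constructed for illustration.

```python
import base64
import binascii


def b64decode_lenient(data):
    """Standard-library default (validate=False): characters outside the
    base64 alphabet are discarded and data after the padding is ignored."""
    return base64.b64decode(data)


def b64decode_strict(data):
    """Hypothetical helper: raise binascii.Error on any input that is not
    exactly base64 alphabet characters followed by correct padding."""
    return base64.b64decode(data, validate=True)


def is_accepted(decoder, text):
    """True if `decoder` returns bytes for `text` instead of raising."""
    try:
        decoder(text)
        return True
    except (binascii.Error, ValueError):
        return False


def malleable_variants(decoder, canonical, variants):
    """Return the altered strings that decode to the same bytes as `canonical`."""
    expected = decoder(canonical)
    return [v for v in variants
            if v != canonical and is_accepted(decoder, v) and decoder(v) == expected]


# Constructed sample input: one canonical encoding and three altered copies.
CANONICAL = base64.b64encode(b"hello world").decode("ascii")  # "aGVsbG8gd29ybGQ="
VARIANTS = [
    CANONICAL + "trailing-garbage",          # data appended after the padding
    CANONICAL[:4] + "!*" + CANONICAL[4:],    # non-base64 characters inserted
    CANONICAL + "\n",                        # trailing newline
]

if __name__ == "__main__":
    for name, dec in (("lenient", b64decode_lenient), ("strict", b64decode_strict)):
        same = malleable_variants(dec, CANONICAL, VARIANTS)
        print(f"{name}: {len(same)} of {len(VARIANTS)} altered strings accepted")
```

A verifier that compares or logs the encoded string rather than the decoded bytes sees each accepted variant as a distinct signature or ciphertext for the same content.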

@@ -221,7 +221,7 @@ class AuthenticatedServer(Logger):
if basic != 'Basic':
raise AuthenticationInvalidOrMissing('UnsupportedType')
encoded = to_bytes(encoded, 'utf8')
credentials = to_string(b64decode(encoded), 'utf8')
credentials = to_string(b64decode(encoded, validate=True), 'utf8')
username, _, password = credentials.partition(':')
if not (constant_time_compare(username, self.rpc_user)
and constant_time_compare(password, self.rpc_password)):
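
Review bot: the strict `b64decode(encoded, validate=True)` call in AuthenticatedServer now raises binascii.Error for a Basic credential that contains non-alphabet characters or data after the padding, and the lines shown here have no handler around it. Please confirm that the enclosing code turns that exception into AuthenticationInvalidOrMissing, the same way the `basic != 'Basic'` check two lines above does, so a malformed header produces the normal authentication failure rather than an unhandled error. A test that sends a credential with an inserted non-base64 character would pin the new behaviour down.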