Forum Discussion
hooleylist
Jun 01, 2012 · Cirrostratus
That's a novel sanity check you could add. But it still doesn't guarantee you'll avoid the memory leak. Basically, it checks if the query string length is evenly divisible by four. If it is, then the assumption is that it's a base64 encoded string. If it's not, then no attempt is made to decode the input.
You might also want to add a check to see if there is a query string first, as 0%4 will return 0 and trigger decoding in the above example.
if { [HTTP::query] ne "" and ![expr [string length [HTTP::query]]%4] } {
Also, is there a specific parameter name that will have the base64 encoded string? Or is there another check you could add, like a check of the HTTP::path, to reduce the chance that you'll attempt to base64 decode a non-base64 encoded string?
Aaron
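
The checks discussed in the post above, combined with a character-set test, as an added example that is not part of the original post. It assumes the whole query string is the base64 value and that the client sends it without percent-encoding; the regular expression and the log message are this example's own choices. It narrows which inputs reach b64decode and does not address the memory leak itself.

```tcl
when HTTP_REQUEST {
    set q [HTTP::query]

    # No query string: 0 % 4 is 0, so the length test alone would pass it.
    if { $q eq "" } { return }

    # Base64 output is always a multiple of four characters long.
    if { [string length $q] % 4 != 0 } { return }

    # Length alone is weak: ordinary queries such as "id=1" or "a=1&b=22"
    # are 4 and 8 characters long. Require the base64 alphabet only, with
    # at most two '=' and only as trailing padding.
    if { ![regexp {^[A-Za-z0-9+/]+={0,2}$} $q] } { return }

    # b64decode can still raise a Tcl error on input that passes the
    # checks above; catch it so the event does not abort.
    if { [catch { set decoded [b64decode $q] } err] } {
        log local0. "b64decode failed: $err"
        return
    }

    # $decoded now holds the decoded value for further processing.
}
```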