njs_string_atob cannot handle cypertext unless the padding is intact

Hello 😄
We found it difficult that njs' atob works differently than we think.

Atob function in njs is decoding without considering padding of the ciphertext.
And for this reason, it's hard to detect errors early.

For example, 'aGVsbG8=', which is the base64 encoded 'hello'.
In most atob functions, 'aGVsbG8' is returned as 'hello', but njs doesn't.

I wonder if you have any plans to make any changes to this.

njs/src/njs_string.c

Lines 4276 to 4299 in a26f8cc

    
           pad = 0; 
        
           str.start = tmp; 
        
           str.length = p - tmp; 
        
           if (str.length % 4 == 0) { 
        
               if (str.length > 0) { 
        
                   if (str.start[str.length - 1] == '=') { 
        
                       pad += 1; 
        
                   } 
        
                   if (str.start[str.length - 2] == '=') { 
        
                       pad += 1; 
        
                   } 
        
               } 
        
           } else if (str.length % 4 == 1) { 
        
               goto error; 
        
           } 
        
           for (i = 0; i < str.length - pad; i++) { 
        
               if (njs_slow_path(b64[str.start[i]] == 77)) { 
        
                   goto error; 
        
               } 
        
           }

Hi @ahnyujin,

Thanks for reporting the problem. As a workaround you can use the other methods, like Buffer.from("aGVsbG8=", "base64").toString().

	pad = 0;
	str.start = tmp;
	str.length = p - tmp;

	if (str.length % 4 == 0) {
	if (str.length > 0) {
	if (str.start[str.length - 1] == '=') {
	pad += 1;
	}

	if (str.start[str.length - 2] == '=') {
	pad += 1;
	}
	}

	} else if (str.length % 4 == 1) {
	goto error;
	}

	for (i = 0; i < str.length - pad; i++) {
	if (njs_slow_path(b64[str.start[i]] == 77)) {
	goto error;
	}
	}