In Base64->decodeNoPadding() two conditional checks of $srcLen & 3. But it can't be zero and greater than 1 at the same time, probably that was a typo. As far as I can understand, this is just a check for padding characters in last two places, so second condition was meant as $strLen > 1. But its always true: in previous code it was checked to be not zero, and then checked for $srcLen & 3 (basically "is it divisible by 4?"), so it cant be less than 4 in this branch.
So, I've done light refactoring of this place. Since its an input validation, it should not leak any significant information in context of timing attacks.
In
Base64->decodeNoPadding()
two conditional checks of$srcLen & 3
. But it can't be zero and greater than 1 at the same time, probably that was a typo. As far as I can understand, this is just a check for padding characters in last two places, so second condition was meant as$strLen > 1
. But its always true: in previous code it was checked to be not zero, and then checked for$srcLen & 3
(basically "is it divisible by 4?"), so it cant be less than 4 in this branch.So, I've done light refactoring of this place. Since its an input validation, it should not leak any significant information in context of timing attacks.