Forum Discussion

Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Oct 15, 2009

b64decode errors...

 

I'm doing some testing on an iRule that uses b64decode to decode the cookie contents. The documentation (Wiki) says that b64decode returns the decoded string, OR "" if an error occurs.

 

 

However what I'm finding is that b64decode either works (If given a valid b64encoded string), or causes a TCL error if it's fed something else (e.g. Corrupt cookie) and the connection is reset.

 

 

Is this a bug (In 9.3.1HF4)? Or bad documentation?
application delivery
dev
devops
iRules

5 Replies

Sort By
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Oct 15, 2009
    I'll have to poke around to see if this is an issue on your particular version or a broader problem. I haven't run into this yet, personally.

    In the meantime you can use the catch command to stop the connection from being reset on error.

    something like: 

     
 [catch [b64decode ...]]

    Colin
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Oct 15, 2009
    I think it's been this way for a while. I have rules going back about two years where I was using catch to handle b64decode errors. The general method I've tried is to use catch and check that the result is not null length: 

     
  Try to base64 decode $string_b64encoded. Handle errors using catch. 
    Successful execution of b64decode by catch will return 0 and the output will be written to $string_b64decoded 
 if {[catch {b64decode $string_b64encoded} string_b64decoded] == 0 and $string_b64decoded ne ""}{ 
     base64 decoding succeeded 
 } else { 
     base64 decoding failed 
 }

    Aaron
  • Luke_Lehman's avatar
    Luke_Lehman
    Icon for Employee rankEmployee
    Feb 22, 2011
    Hey all,

     

     

    I'm using Aaron's code in an iRule I'm working on, but I'm having trouble validating the content a little further down.

     

     

    Initially, I use this code:

     

     

    
 Try to base64 decode $string_b64encoded. Handle errors using catch.
 Successful execution of b64decode by catch will return 0 and the output will be written to $b64decoded_member_ip
if {[catch {b64decode $query_b64encoded_member_ip} b64decoded_member_ip] == 0 and $b64decoded_member_ip ne ""}{
    base64 decoding succeeded
   if { $::debug } {log local0. "b64 decoding successful: $b64decoded_member_ip"}
   set b64decoded_member_ip_2 $b64decoded_member_ip
} else {
    base64 decoding failed = non-valid IP Address
   set member_ip_valid "false"
   if { $::debug } {log local0. "b64 decoding failed"}
}

     

     

     

     

    So if the decoding works, then in the var $b64decoded_member_ip is set.

     

    If the decoding fails, it toggles the switch $member_ip_valid so that the iRule won't try to use the value later.

     

     

    At this point, I want to validate that the decoded value is a valid IP address, so I use the following code:

     

     

     log local0. "catch $b64decoded_member_ip => [catch {IP::addr $b64decoded_member_ip mask 255.255.255.255} ]"
set a "256.256.256.256"
log local0. "catch $a => [catch {IP::addr $a mask 255.255.255.255} ]"
set b "192.168.130.157"
log local0. "catch $b => [catch {IP::addr $b mask 255.255.255.255} ]"

     

     

    The logs look like this:

     

     

     Feb 22 14:54:45 local/tmm info tmm[5018]: Rule iRule : b64 decoding successful: 192.168.130.156
Feb 22 14:54:45 local/tmm info tmm[5018]: Rule iRule : catch 192.168.130.156 => 1
Feb 22 14:54:45 local/tmm info tmm[5018]: Rule iRule : catch 256.256.256.256 => 1
Feb 22 14:54:45 local/tmm info tmm[5018]: Rule iRule : catch 192.168.130.157 => 0
Feb 22 14:54:45 local/tmm info tmm[5018]: Rule iRule : catch 192.168.130.156 => 0

     

     

    It's the 2nd line there that baffles me. As you can see the 5th line has the exact same value, but passes the doesn't match the catch.

     

     

    Does this have something to do with variable types that IP:addr can or can't handle?

     

     

    Thanks!