Handle binascii.Error from base64.b64decode()

In Python 3, the base64.b64decode function raises binascii.Error (a ValueError
subclass) when it finds incorrect padding. In Python 2 it raises TypeError.

Callers should usually handle ValueError; unless they are specifically
concerned with handling base64 padding issues).

In some cases, callers should handle ValueError:
- ipalib.pkcs10 (get_friendlyname, load_certificate_request): callers should
  handle ValueError
- ipalib.x509 (load_certificate*, get_*): callers should handle ValueError

In other cases ValueError is handled:
- ipalib.parameters
- ipapython.ssh
- ipalib.rpc (json_decode_binary - callers already expect ValueError)
- ipaserver.install.ldapupdate

Elsewhere no error handling is done, because values come from trusted
sources, or are pre-validated:
- vault plugin
- ipaserver.install.cainstance
- ipaserver.install.certs
- ipaserver.install.ipa_otptoken_import

Reviewed-By: Tomas Babej <tbabej@redhat.com>

1 files changed, 1 insertions, 1 deletions

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 446e2886e..94d2cb4e9 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -210,7 +210,7 @@ class RedHatTaskNamespace(BaseTaskNamespace):
                 issuer = x509.get_der_issuer(cert, x509.DER)
                 serial_number = x509.get_der_serial_number(cert, x509.DER)
                 public_key_info = x509.get_der_public_key_info(cert, x509.DER)
-            except (NSPRError, PyAsn1Error) as e:
+            except (NSPRError, PyAsn1Error, ValueError) as e:
                 root_logger.warning(
                     "Failed to decode certificate \"%s\": %s", nickname, e)
                 continue