tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-03 09:07:19 +00:00
Code Releases Activity

Handle base64 decoding correctly to avoid panic (#26483)

Browse Source 
Fix the panic if the "base64 secret" is too long.
This commit is contained in:
wxiaoguang
2023-08-14 18:30:16 +08:00
committed by GitHub
parent cafce3b4b5
commit ed1be4ca68
8 changed files with 43 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
services/auth/source/oauth2/jwtsigningkey.go
View File

@ -336,16 +336,7 @@ func InitSigningKey() error {
// loadSymmetricKey checks if the configured secret is valid.
// If it is not valid, it will return an error.
func loadSymmetricKey() (any, error) {
key := make([]byte, 32)
n, err := base64.RawURLEncoding.Decode(key, []byte(setting.OAuth2.JWTSecretBase64))
if err != nil {
return nil, err
}
if n != 32 {
return nil, fmt.Errorf("JWT secret must be 32 bytes long")
}
return key, nil
return util.Base64FixedDecode(base64.RawURLEncoding, []byte(setting.OAuth2.JWTSecretBase64), 32)
}
// loadOrCreateAsymmetricKey checks if the configured private key exists.