Nemcio/Gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-31 10:56:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Handle base64 decoding correctly to avoid panic (#26483)

Browse Source 
Fix the panic if the "base64 secret" is too long.
This commit is contained in:
wxiaoguang
2023-08-14 18:30:16 +08:00
committed by GitHub
parent cafce3b4b5
commit ed1be4ca68
8 changed files with 43 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
modules/util/util_test.go
View File

@@ -4,6 +4,7 @@
package util
import (
"encoding/base64"
"regexp"
"strings"
"testing"
@@ -233,3 +234,16 @@ func TestToPointer(t *testing.T) {
val123 := 123
assert.False(t, &val123 == ToPointer(val123))
}
func TestBase64FixedDecode(t *testing.T) {
_, err := Base64FixedDecode(base64.RawURLEncoding, []byte("abcd"), 32)
assert.ErrorContains(t, err, "invalid base64 decoded length")
_, err = Base64FixedDecode(base64.RawURLEncoding, []byte(strings.Repeat("a", 64)), 32)
assert.ErrorContains(t, err, "invalid base64 decoded length")
str32 := strings.Repeat("x", 32)
encoded32 := base64.RawURLEncoding.EncodeToString([]byte(str32))
decoded32, err := Base64FixedDecode(base64.RawURLEncoding, []byte(encoded32), 32)
assert.NoError(t, err)
assert.Equal(t, str32, string(decoded32))
}