Skip to content

Commit

Permalink
Fix panic in BasicAuthDecode (#14046) (#14048)
Browse files Browse the repository at this point in the history 
* Fix panic in BasicAuthDecode

If the string does not contain ":" that function would run into an
`index out of range [1] with length 1` error. prevent that.

* Update BasicAuthDecode()

Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
  • Loading branch information
@silverwind @6543 @zeripath
3 people authored Dec 18, 2020
1 parent 96d4128 commit 55d7e53
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 0 deletions.
6 changes: 6 additions & 0 deletions modules/base/tool.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"errors"
"fmt"
"net/http"
"net/url"
Expand Down Expand Up @@ -65,6 +66,11 @@ func BasicAuthDecode(encoded string) (string, string, error) {
}

auth := strings.SplitN(string(s), ":", 2)

if len(auth) != 2 {
return "", "", errors.New("invalid basic authentication")
}

return auth[0], auth[1], nil
}

Expand Down
6 changes: 6 additions & 0 deletions modules/base/tool_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,12 @@ func TestBasicAuthDecode(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, "foo", user)
assert.Equal(t, "bar", pass)

_, _, err = BasicAuthDecode("aW52YWxpZA==")
assert.Error(t, err)

_, _, err = BasicAuthDecode("invalid")
assert.Error(t, err)
}

func TestBasicAuthEncode(t *testing.T) {
Expand Down

0 comments on commit 55d7e53

Please sign in to comment.