Fix panic in BasicAuthDecode (#14046)

* Fix panic in BasicAuthDecode If the string does not contain ":" that function would run into an `index out of range [1] with length 1` error. prevent that. * Update BasicAuthDecode() Co-authored-by: 6543 <6543@obermui.de>
author: silverwind <me@silverwind.io> 2020-12-18 02:51:28 +0100
committer: GitHub <noreply@github.com> 2020-12-17 20:51:28 -0500
commit: 27edc1aa19afb043a497a7dc628afa420cb1de55 (patch)
tree: 620ac8b6ab3b181da86efbbe1d459cf66ab0a954 /modules/base/tool.go
parent: e9cc613c245fa15cc8d8e3e3e98573a212c73aa4 (diff)
download: gitea-27edc1aa19afb043a497a7dc628afa420cb1de55.tar.gz
gitea-27edc1aa19afb043a497a7dc628afa420cb1de55.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 2cc09fb25d..00b13f76c7 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -10,6 +10,7 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
+	"errors"
 	"fmt"
 	"net/http"
 	"os"
@@ -63,6 +64,11 @@ func BasicAuthDecode(encoded string) (string, string, error) {
 	}
 
 	auth := strings.SplitN(string(s), ":", 2)
+
+	if len(auth) != 2 {
+		return "", "", errors.New("invalid basic authentication")
+	}
+
 	return auth[0], auth[1], nil
 }
author	silverwind <me@silverwind.io>	2020-12-18 02:51:28 +0100
committer	GitHub <noreply@github.com>	2020-12-17 20:51:28 -0500
commit	27edc1aa19afb043a497a7dc628afa420cb1de55 (patch)
tree	620ac8b6ab3b181da86efbbe1d459cf66ab0a954 /modules/base/tool.go
parent	e9cc613c245fa15cc8d8e3e3e98573a212c73aa4 (diff)
download	gitea-27edc1aa19afb043a497a7dc628afa420cb1de55.tar.gz gitea-27edc1aa19afb043a497a7dc628afa420cb1de55.zip