diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2023-08-14 18:30:16 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-14 10:30:16 +0000 |
| commit | ed1be4ca68daa9782ea65135110799a4bf0697f8 (patch) | |
| tree | 29d3465f32643df3e3d7f76e56e3dad4afb56b75 /modules/setting | |
| parent | cafce3b4b5afb3f254a48e87f1516d7b5dc209b6 (diff) | |
| download | gitea-ed1be4ca68daa9782ea65135110799a4bf0697f8.tar.gz gitea-ed1be4ca68daa9782ea65135110799a4bf0697f8.zip | |
Handle base64 decoding correctly to avoid panic (#26483)
Fix the panic if the "base64 secret" is too long.
Diffstat (limited to 'modules/setting')
| -rw-r--r-- | modules/setting/lfs.go | 12 | ||||
| -rw-r--r-- | modules/setting/oauth2.go | 13 |
2 files changed, 11 insertions, 14 deletions
diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go index 21a46a8cce..a5ea537cef 100644 --- a/modules/setting/lfs.go +++ b/modules/setting/lfs.go @@ -9,6 +9,7 @@ import ( "time" "code.gitea.io/gitea/modules/generate" + "code.gitea.io/gitea/modules/util" ) // LFS represents the configuration for Git LFS @@ -56,17 +57,14 @@ func loadLFSFrom(rootCfg ConfigProvider) error { LFS.HTTPAuthExpiry = sec.Key("LFS_HTTP_AUTH_EXPIRY").MustDuration(24 * time.Hour) - if !LFS.StartServer { + if !LFS.StartServer || !InstallLock { return nil } LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET") - - LFS.JWTSecretBytes = make([]byte, 32) - n, err := base64.RawURLEncoding.Decode(LFS.JWTSecretBytes, []byte(LFS.JWTSecretBase64)) - - if (err != nil || n != 32) && InstallLock { - LFS.JWTSecretBase64, err = generate.NewJwtSecretBase64() + LFS.JWTSecretBytes, err = util.Base64FixedDecode(base64.RawURLEncoding, []byte(LFS.JWTSecretBase64), 32) + if err != nil { + LFS.JWTSecretBytes, LFS.JWTSecretBase64, err = generate.NewJwtSecretBase64() if err != nil { return fmt.Errorf("error generating JWT Secret for custom config: %v", err) } diff --git a/modules/setting/oauth2.go b/modules/setting/oauth2.go index b88070681a..ab82393106 100644 --- a/modules/setting/oauth2.go +++ b/modules/setting/oauth2.go @@ -10,6 +10,7 @@ import ( "code.gitea.io/gitea/modules/generate" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/util" ) // OAuth2UsernameType is enum describing the way gitea 'name' should be generated from oauth2 data @@ -129,21 +130,19 @@ func loadOAuth2From(rootCfg ConfigProvider) { } if InstallLock { - key := make([]byte, 32) - n, err := base64.RawURLEncoding.Decode(key, []byte(OAuth2.JWTSecretBase64)) - if err != nil || n != 32 { - key, err = generate.NewJwtSecret() + if _, err := util.Base64FixedDecode(base64.RawURLEncoding, []byte(OAuth2.JWTSecretBase64), 32); err != nil { + key, err := generate.NewJwtSecret() if err != nil { log.Fatal("error generating JWT secret: %v", err) } - secretBase64 := base64.RawURLEncoding.EncodeToString(key) + OAuth2.JWTSecretBase64 = base64.RawURLEncoding.EncodeToString(key) saveCfg, err := rootCfg.PrepareSaving() if err != nil { log.Fatal("save oauth2.JWT_SECRET failed: %v", err) } - rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64) - saveCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64) + rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(OAuth2.JWTSecretBase64) + saveCfg.Section("oauth2").Key("JWT_SECRET").SetValue(OAuth2.JWTSecretBase64) if err := saveCfg.Save(); err != nil { log.Fatal("save oauth2.JWT_SECRET failed: %v", err) } |