authorwxiaoguang <wxiaoguang@gmail.com>2023-08-14 18:30:16 +0800
committerGitHub <noreply@github.com>2023-08-14 10:30:16 +0000
commited1be4ca68daa9782ea65135110799a4bf0697f8 (patch)
tree29d3465f32643df3e3d7f76e56e3dad4afb56b75 /services
parentcafce3b4b5afb3f254a48e87f1516d7b5dc209b6 (diff)
Handle base64 decoding correctly to avoid panic (#26483)
Fix the panic if the "base64 secret" is too long.
Diffstat (limited to 'services')
-rw-r--r--services/auth/source/oauth2/jwtsigningkey.go11
1 files changed, 1 insertions, 10 deletions
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index ff0d426e22..eca0b8b7e1 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -336,16 +336,7 @@ func InitSigningKey() error {
// loadSymmetricKey checks if the configured secret is valid.
// If it is not valid, it will return an error.
func loadSymmetricKey() (any, error) {
- key := make([]byte, 32)
- n, err := base64.RawURLEncoding.Decode(key, []byte(setting.OAuth2.JWTSecretBase64))
- if err != nil {
- return nil, err
- }
- if n != 32 {
- return nil, fmt.Errorf("JWT secret must be 32 bytes long")
- }
-
- return key, nil
+ return util.Base64FixedDecode(base64.RawURLEncoding, []byte(setting.OAuth2.JWTSecretBase64), 32)
}
// loadOrCreateAsymmetricKey checks if the configured private key exists.
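Review bot: The new single-line return in loadSymmetricKey passes the helper's error through unwrapped, so a malformed or wrong-length secret no longer produces a message that names the JWT secret as the removed "JWT secret must be 32 bytes long" did. Wrapping the error at this call site restores that context, and it also returns a literal nil on failure rather than whatever the helper's first result is once boxed into `any` (presumably a nil byte slice, since the helper's signature is not in this diff). The exact-32-byte requirement on the signing key is now enforced only inside util.Base64FixedDecode, which this services-limited view does not show, so a test at this call site with a too-short and a too-long secret would pin it. Keep the wrapped message free of the secret value itself.

```go
func loadSymmetricKey() (any, error) {
	key, err := util.Base64FixedDecode(base64.RawURLEncoding, []byte(setting.OAuth2.JWTSecretBase64), 32)
	if err != nil {
		// Name the setting's purpose, never its value.
		return nil, fmt.Errorf("decode JWT secret: %w", err)
	}
	return key, nil
}
```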