author | wxiaoguang <wxiaoguang@gmail.com> | 2023-08-14 18:30:16 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-14 10:30:16 +0000 |
commit | ed1be4ca68daa9782ea65135110799a4bf0697f8 (patch) | |
tree | 29d3465f32643df3e3d7f76e56e3dad4afb56b75 /services | |
parent | cafce3b4b5afb3f254a48e87f1516d7b5dc209b6 (diff) | |
Handle base64 decoding correctly to avoid panic (#26483)
Fix the panic if the "base64 secret" is too long.
Diffstat (limited to 'services')
-rw-r--r-- | services/auth/source/oauth2/jwtsigningkey.go | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index ff0d426e22..eca0b8b7e1 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -336,16 +336,7 @@ func InitSigningKey() error {
 // loadSymmetricKey checks if the configured secret is valid.
 // If it is not valid, it will return an error.
 func loadSymmetricKey() (any, error) {
- key := make([]byte, 32)
- n, err := base64.RawURLEncoding.Decode(key, []byte(setting.OAuth2.JWTSecretBase64))
- if err != nil {
- return nil, err
- }
- if n != 32 {
- return nil, fmt.Errorf("JWT secret must be 32 bytes long")
- }
-
- return key, nil
+ return util.Base64FixedDecode(base64.RawURLEncoding, []byte(setting.OAuth2.JWTSecretBase64), 32)
 }

 // loadOrCreateAsymmetricKey checks if the configured private key exists. |
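Review bot: The error returned by `loadSymmetricKey` no longer tells the operator which setting is wrong: the old `JWT secret must be 32 bytes long` message is removed and whatever `util.Base64FixedDecode` returns is passed through unwrapped. Consider assigning the result and wrapping the failure, e.g. `return nil, fmt.Errorf("decode OAuth2 JWT secret: %w", err)` (assuming `fmt` is still imported in this file), while keeping the secret value itself out of the message. The helper is not part of this diff (the diffstat is limited to 'services'), so it is worth confirming there, ideally with a test, that it rejects input decoding to fewer or more than 32 bytes rather than truncating, since this value is the symmetric JWT signing key. The bare literal `32` would also read better as a named constant or with a short comment such as `// HS256 key: exactly 32 bytes after base64url decoding`, if that is indeed the reason for the length.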