Handle base64 decoding correctly to avoid panic (#26483)

Fix the panic if the "base64 secret" is too long.
2023-08-14 18:30:16 +08:00 · 2023-08-14 18:30:16 +08:00 · ed1be4ca68
commit ed1be4ca68
parent cafce3b4b5
8 changed files with 43 additions and 30 deletions
--- a/modules/util/util.go
+++ b/modules/util/util.go
@ -6,6 +6,7 @@ package util
 import (
 	"bytes"
 	"crypto/rand"
+	"encoding/base64"
 	"fmt"
 	"math/big"
 	"strconv"
@ -261,3 +262,13 @@ func ToFloat64(number any) (float64, error) {
 func ToPointer[T any](val T) *T {
 	return &val
 }
+
+func Base64FixedDecode(encoding *base64.Encoding, src []byte, length int) ([]byte, error) {
+	decoded := make([]byte, encoding.DecodedLen(len(src))+3)
+	if n, err := encoding.Decode(decoded, src); err != nil {
+		return nil, err
+	} else if n != length {
+		return nil, fmt.Errorf("invalid base64 decoded length: %d, expects: %d", n, length)
+	}
+	return decoded[:length], nil
+}