Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server does not check correctly if 'Authorization' Header is really in Base64 #7

Closed
m1dok opened this issue May 17, 2023 · 0 comments
Closed

Server does not check correctly if 'Authorization' Header is really in Base64 #7

m1dok opened this issue May 17, 2023 · 0 comments
Labels
good first issue Good for newcomers

Comments

@m1dok
Copy link
Contributor

m1dok commented May 17, 2023

If sent an authorization header and base64 string is malformed or not base64, the server crash and returns 500 internal server error.

Probably in line 585 of interfaces, you assume the string is base64 and decode it without checking it or handling exceptions.

           auth = (cast(char[])Base64.decode(auth[6..$])).to!string;
@m1dok m1dok changed the title 'Authorization' Header does not check correctly if Basic is really in Base64 Server does not check correctly if 'Authorization' Header is really in Base64 May 17, 2023
@trikko trikko added the good first issue Good for newcomers label May 17, 2023
trikko added a commit that referenced this issue May 17, 2023
@trikko
Merge pull request #8 from m1dok/master
6cd99d0 
Fix issue #7: handle Base64 exception
@trikko trikko closed this as completed May 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@trikko @m1dok