From 82f946bb36f20df0679a15d42a20efd1ae191389 Mon Sep 17 00:00:00 2001
From: Tomuxs
Date: Thu, 12 Jun 2025 04:39:07 +0200
Subject: [PATCH] Added length checking for authorization header
---
 app/src/main/java/org/skinner/RestAPI.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/src/main/java/org/skinner/RestAPI.java b/app/src/main/java/org/skinner/RestAPI.java
index 89e1e4b..202a210 100644
--- a/app/src/main/java/org/skinner/RestAPI.java
+++ b/app/src/main/java/org/skinner/RestAPI.java
@@ -244,6 +244,11 @@ public class RestAPI extends SafeHttpHandler {
 }
 String[] cerd = new String(Base64.getDecoder().decode(authParts[1])).split(":");
+ if (cerd.length != 2) {
+ text(exchange, 401, "Invalid cerdentials format");
+ return;
+ }
+
 Profile profile = Database.getProfileByName(cerd[0]);
 if (profile == null || !Profile.generateHash(cerd[1], profile.getSalt()).equals(profile.getPassword())) {
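Review bot: The new `cerd.length != 2` guard will reject a correct login whose password contains a colon, because the unchanged line above it splits on every colon; splitting only at the first one, `.split(":", 2)`, keeps the guard meaningful and matches how Basic credentials are formed. That same line calls `Base64.getDecoder().decode(...)`, which throws `IllegalArgumentException` on malformed input, and `new String(bytes)` with the platform charset; unless `SafeHttpHandler` (not visible here) already maps that exception to a 4xx, catch it and answer 401, and pass `StandardCharsets.UTF_8`. In the trailing `if`, the stored hash is compared with `String.equals`, which is not constant-time; `MessageDigest.isEqual` over the two byte arrays is the usual replacement. The new response text also misspells "credentials". The enclosing method begins and ends outside this hunk.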