Tomas/skinner
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Added length checking for authorization header

Browse Source
This commit is contained in:
Tomuxs
2025-06-12 04:39:07 +02:00
parent 542686ffd5
commit 82f946bb36
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/src/main/java/org/skinner/RestAPI.java
View File

@ -244,6 +244,11 @@ public class RestAPI extends SafeHttpHandler {
} }
String[] cerd = new String(Base64.getDecoder().decode(authParts[1])).split(":"); String[] cerd = new String(Base64.getDecoder().decode(authParts[1])).split(":");
if (cerd.length != 2) {
text(exchange, 401, "Invalid cerdentials format");
return;
}
Profile profile = Database.getProfileByName(cerd[0]); Profile profile = Database.getProfileByName(cerd[0]);
if (profile == null || !Profile.generateHash(cerd[1], profile.getSalt()).equals(profile.getPassword())) { if (profile == null || !Profile.generateHash(cerd[1], profile.getSalt()).equals(profile.getPassword())) {