go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-08 22:46:33 +02:00
Code Issues Releases Activity

Ensure decrypted user/email are valid UTF8

Browse Source
This commit is contained in:
Joel Speed
2020-06-02 20:53:33 +01:00
parent 2c851fcd4f
commit 808084b744
3 changed files with 19 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/apis/sessions/session_state.go
View File

@@ -2,8 +2,10 @@ package sessions
import (
"encoding/json"
"errors"
"fmt"
"time"
"unicode/utf8"
"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
)
@@ -106,6 +108,9 @@ func DecodeSessionState(v string, c *encryption.Cipher) (*SessionState, error) {
if ss.Email != "" {
decryptedEmail, errEmail := c.Decrypt(ss.Email)
if errEmail == nil {
if !utf8.ValidString(decryptedEmail) {
return nil, errors.New("invalid value for decrypted email")
}
ss.Email = decryptedEmail
}
}
@@ -113,6 +118,9 @@ func DecodeSessionState(v string, c *encryption.Cipher) (*SessionState, error) {
if ss.User != "" {
decryptedUser, errUser := c.Decrypt(ss.User)
if errUser == nil {
if !utf8.ValidString(decryptedUser) {
return nil, errors.New("invalid value for decrypted user")
}
ss.User = decryptedUser
}
}