highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-11-10 22:18:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reject incorrect base64 in HTTP auth

Browse Source 
In addition, to make sure that no call site ignores the invalid
decoding status, make the pf_invalid argument mandatory.
This commit is contained in:
Pieter Wuille
2022-04-08 23:17:01 -04:00
committed by MacroFake
parent d648b5120b
commit a4377a0843
5 changed files with 17 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/httprpc.cpp
View File

@@ -132,7 +132,9 @@ static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUserna
if (strAuth.substr(0, 6) != "Basic ")
return false;
std::string strUserPass64 = TrimString(strAuth.substr(6));
std::string strUserPass = DecodeBase64(strUserPass64);
bool invalid;
std::string strUserPass = DecodeBase64(strUserPass64, &invalid);
if (invalid) return false;
if (strUserPass.find(':') != std::string::npos)
strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(':'));