| -rw-r--r-- | server/src/auth.rs | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/server/src/auth.rs b/server/src/auth.rs
index 69d68d0..d5ca54c 100644
--- a/server/src/auth.rs
+++ b/server/src/auth.rs
@@ -130,6 +130,9 @@ pub mod token {
 }
 pub fn validate(sk: &SessionKey, token: &str) -> Result<RowNum> {
 let cipher = URL_SAFE.decode(token)?;
+ if cipher.len() < 12 {
+ bail!("token format invalid")
+ }
 let (cipher, nonce) = cipher.split_at(cipher.len() - 12);
 let plain = sk.0.decrypt(nonce.into(), cipher) |
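Review bot: The new guard in `validate` and the `cipher.len() - 12` on the following line each carry their own literal 12, so a later change to one but not the other brings back the subtraction underflow (a panic on a short, caller-supplied token) that this check is closing. Deriving the split point from the checked operation keeps the two tied together: `let Some(split) = cipher.len().checked_sub(NONCE_LEN) else { bail!("token format invalid") };` followed by `let (cipher, nonce) = cipher.split_at(split);`, with `NONCE_LEN` a named constant (let-else needs a reasonably recent toolchain; a `match` on `checked_sub` works otherwise). A decoded token of exactly 12 bytes still passes an empty ciphertext to `sk.0.decrypt`; that presumably comes back as an error rather than a panic, but a regression test with empty, 11-byte and 12-byte tokens would pin it down. The body of `validate` continues outside the hunk, so how the decrypt result is handled is not visible here.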