Security issue: Panic on invalid base62-encoded tokens
brycx opened this issue
Documentation for decode(), which also implicitly covers Branca::decode(), states that:
"If the input is not in Base62 format, it returns a BrancaError::InvalidBase62Token Result."
Prior to v0.10.0 this was not the case; instead, a panic would occur:
Line 403 in 2fd4908
This could leave any validating instance vulnerable to potential DoS when parsing untrusted data, as unexpected panics could occur.
This behavior was corrected in 7da3274:
Line 427 in 289cf60
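The contrast the issue describes, as an added example that is not code from the branca crate or from the issue author: a self-contained Base62 decoder (alphabet 0-9A-Za-z, big-number style) whose error type mirrors the documented BrancaError::InvalidBase62Token contract. decode_token_panicking reproduces the pre-0.10.0 pattern of unwrapping the decode result on untrusted input, so a single malformed token aborts the thread; decode_token propagates the error instead. The names decode_base62, encode_base62, DecodeError, decode_token and decode_token_panicking, and the sample payload bytes, are constructed for this illustration and are not the crate's own API.

```rust
// Added example: Base62 decoding that reports malformed input as an error
// rather than panicking. Not the branca crate's implementation.
use std::fmt;

// Standard Base62 alphabet; '0' is the zero digit.
const BASE62_ALPHABET: &[u8; 62] =
    b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/// Hypothetical error type; the variant name mirrors the one in the branca docs.
#[derive(Debug, PartialEq)]
pub enum DecodeError {
    InvalidBase62Token,
}

impl fmt::Display for DecodeError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            DecodeError::InvalidBase62Token => write!(f, "input is not valid Base62"),
        }
    }
}
impl std::error::Error for DecodeError {}

/// Decode a Base62 string into bytes. Any character outside the alphabet
/// yields Err instead of a panic. Each leading '0' maps to one leading 0x00 byte.
pub fn decode_base62(input: &str) -> Result<Vec<u8>, DecodeError> {
    let mut out: Vec<u8> = Vec::new(); // little-endian accumulator (out[0] = LSB)
    let mut leading_zeros = 0usize;
    let mut seen_nonzero = false;
    for &c in input.as_bytes() {
        // Reject anything not in the alphabet up front: this is the untrusted-input check.
        let digit = BASE62_ALPHABET
            .iter()
            .position(|&a| a == c)
            .ok_or(DecodeError::InvalidBase62Token)? as u32;
        if !seen_nonzero {
            if digit == 0 {
                leading_zeros += 1;
                continue;
            }
            seen_nonzero = true;
        }
        // Multiply the accumulator by 62 and add the digit, propagating carries.
        let mut carry = digit;
        for byte in out.iter_mut() {
            let v = (*byte as u32) * 62 + carry;
            *byte = (v & 0xff) as u8;
            carry = v >> 8;
        }
        while carry > 0 {
            out.push((carry & 0xff) as u8);
            carry >>= 8;
        }
    }
    out.extend(std::iter::repeat(0u8).take(leading_zeros));
    out.reverse();
    Ok(out)
}

/// Encode bytes as Base62 (inverse of decode_base62), used here to build sample tokens.
pub fn encode_base62(bytes: &[u8]) -> String {
    let mut digits: Vec<u8> = Vec::new(); // little-endian base-62 digits
    let mut leading_zeros = 0usize;
    let mut seen_nonzero = false;
    for &b in bytes {
        if !seen_nonzero {
            if b == 0 {
                leading_zeros += 1;
                continue;
            }
            seen_nonzero = true;
        }
        let mut carry = b as u32;
        for d in digits.iter_mut() {
            let v = (*d as u32) * 256 + carry;
            *d = (v % 62) as u8;
            carry = v / 62;
        }
        while carry > 0 {
            digits.push((carry % 62) as u8);
            carry /= 62;
        }
    }
    let mut s = String::with_capacity(leading_zeros + digits.len());
    for _ in 0..leading_zeros {
        s.push('0');
    }
    for &d in digits.iter().rev() {
        s.push(BASE62_ALPHABET[d as usize] as char);
    }
    s
}

/// Pre-0.10.0 style: unwrapping the decode result on attacker-controlled input.
/// One malformed token panics the validating thread (the DoS the issue describes).
pub fn decode_token_panicking(token: &str) -> Vec<u8> {
    decode_base62(token).unwrap()
}

/// Corrected style: the documented contract, an Err for non-Base62 input.
pub fn decode_token(token: &str) -> Result<Vec<u8>, DecodeError> {
    decode_base62(token)
}

fn main() {
    // Constructed sample payload (not a real Branca token).
    let payload = [0xBAu8, 0x00, 0xFF, 0x10, 0x20];
    let token = encode_base62(&payload);
    println!("encoded token: {}", token);
    match decode_token(&token) {
        Ok(bytes) => println!("decoded: {:?}", bytes),
        Err(e) => println!("rejected: {}", e),
    }
    // '-' and '!' are outside the alphabet, so this is rejected, not panicked on.
    match decode_token("not-base62!") {
        Ok(bytes) => println!("decoded: {:?}", bytes),
        Err(e) => println!("rejected: {}", e),
    }
}
```

A caller validating tokens from the network should only ever reach bytes through a Result-returning path like decode_token; any `.unwrap()` or `.expect()` on the decode step is the pattern the issue flags.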