Check payload length earlier

netbirdio · Sep 11, 2024 · fa9b338 · fa9b338
1 parent 4b2b279
commit fa9b338
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/relay/auth/hmac/v2/validator.go b/relay/auth/hmac/v2/validator.go
@@ -8,6 +8,8 @@ import (
  "time"
 )
 
+const minLengthUnixTimestamp = 10
+
 type Validator struct {
  secret []byte
 }
@@ -27,6 +29,10 @@ func (v *Validator) Validate(data any) error {
  return fmt.Errorf("unmarshal token: %w", err)
  }
 
+ if len(token.Payload) < minLengthUnixTimestamp {
+ return errors.New("invalid payload: insufficient length")
+ }
+
  hashFunc := token.AuthAlgo.New()
  if hashFunc == nil {
  return fmt.Errorf("unsupported auth algorithm: %s", token.AuthAlgo)
@@ -40,10 +46,6 @@ func (v *Validator) Validate(data any) error {
  return errors.New("invalid signature")
  }
 
- if len(token.Payload) < 8 {
- return errors.New("invalid payload: insufficient length")
- }
-
  timestamp, err := strconv.ParseInt(string(token.Payload), 10, 64)
  if err != nil {
  return fmt.Errorf("invalid payload: %w", err)