From 5d8fe5b272ebf859a1c7a6e83aa8695533589704 Mon Sep 17 00:00:00 2001
From: radonbark <radonbark@protonmail.com>
Date: Sat, 18 Jul 2020 00:47:32 -0400
Subject: [PATCH] Log warning instead of stack trace if token is too short

---
 src/main/kotlin/mdnet/base/server/ImageServer.kt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/kotlin/mdnet/base/server/ImageServer.kt b/src/main/kotlin/mdnet/base/server/ImageServer.kt
index aebc2aa..5234389 100644
--- a/src/main/kotlin/mdnet/base/server/ImageServer.kt
+++ b/src/main/kotlin/mdnet/base/server/ImageServer.kt
@@ -95,6 +95,10 @@ class ImageServer(
 
             if (tokenized || serverSettings.forceTokens) {
                 val tokenArr = Base64.getUrlDecoder().decode(Path.of("token")(request))
+                if (tokenArr.size < 24) {
+                    LOGGER.info { "Request for $sanitizedUri rejected for invalid token" }
+                    return@then Response(Status.FORBIDDEN)
+                }
                 val token = try {
                     JACKSON.readValue<Token>(
                         try {