From 9f575bd416e1f7afbd11d4b221074f34bb89605c Mon Sep 17 00:00:00 2001
From: Dan Engelbrecht <dan.engelbrecht@epicgames.com>
Date: Thu, 4 Sep 2025 13:17:25 +0200
Subject: add validation of compact binary payloads before reading them (#483)

* add validation of compact binary payloads before reading them
---
 src/zenhttp/auth/authmgr.cpp | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'src/zenhttp/auth/authmgr.cpp')

diff --git a/src/zenhttp/auth/authmgr.cpp b/src/zenhttp/auth/authmgr.cpp
index 6c1a66a99..209276621 100644
--- a/src/zenhttp/auth/authmgr.cpp
+++ b/src/zenhttp/auth/authmgr.cpp
@@ -5,7 +5,7 @@
 #include <zencore/basicfile.h>
 #include <zencore/compactbinary.h>
 #include <zencore/compactbinarybuilder.h>
-#include <zencore/compactbinaryvalidation.h>
+#include <zencore/compactbinaryutil.h>
 #include <zencore/crypto.h>
 #include <zencore/filesystem.h>
 #include <zencore/logging.h>
@@ -297,15 +297,14 @@ private:
 				return;
 			}
 
-			const CbValidateError ValidationError = ValidateCompactBinary(Buffer, CbValidateMode::All);
-
-			if (ValidationError != CbValidateError::None)
+			CbValidateError ValidationError;
+			if (CbObject AuthState = ValidateAndReadCompactBinaryObject(std::move(Buffer), ValidationError);
+				ValidationError != CbValidateError::None)
 			{
-				ZEN_WARN("load serialized state FAILED, reason 'Invalid compact binary'");
+				ZEN_WARN("load serialized state FAILED, reason '{}'", ToString(ValidationError));
 				return;
 			}
-
-			if (CbObject AuthState = LoadCompactBinaryObject(Buffer))
+			else
 			{
 				for (CbFieldView ProviderView : AuthState["OpenIdProviders"sv])
 				{
-- 
cgit v1.2.3