From 26e85ce53b68aeda711b5fda24e823aa11f24b47 Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz <henrik@levkowetz.com>
Date: Sun, 10 May 2020 14:16:22 +0000
Subject: [PATCH] Added a catch for malformed apikey input.  - Legacy-Id: 17769

---
 ietf/person/models.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ietf/person/models.py b/ietf/person/models.py
index 74eb8fbca..ba39c8568 100644
--- a/ietf/person/models.py
+++ b/ietf/person/models.py
@@ -351,7 +351,10 @@ class PersonalApiKey(models.Model):
     def validate_key(cls, s):
         import struct, hashlib, base64
         assert isinstance(s, bytes)
-        key = base64.urlsafe_b64decode(s)
+        try:
+            key = base64.urlsafe_b64decode(s)
+        except Exception:
+            return None
         id, salt, hash = struct.unpack(KEY_STRUCT, key)
         k = cls.objects.filter(id=id)
         if not k.exists():