BUG/MINOR: jwt: Fix jwt_parse_alg incorrectly returning JWS_ALG_NONE

jwt_parse_alg would mistakenly return JWT_ALG_NONE for algorithms "",
"n", "no" and "non" because of a strncmp misuse. It now sees them as
unknown algorithms.

No backport needed.

Cc: Tim Duesterhus <tim@bastelstu.be>

diff --git a/src/jwt.c b/src/jwt.c
index 94bfa5adb1e8d30009c0f6ac9aac6cbc70df6ad1..8c45375428f552e837866e74c4fbb30b63474ffd 100644 (file)
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -34,7 +34,7 @@ enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len)
 
        /* Algorithms are all 5 characters long apart from "none". */
        if (alg_len < sizeof("HS256")-1) {
-               if (strncmp("none", alg_str, alg_len) == 0)
+               if (alg_len == sizeof("none")-1 && strcmp("none", alg_str) == 0)
                        alg = JWS_ALG_NONE;
                return alg;
        }