From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 8 Jun 2021 06:04:21 +0000 (+0300)
Subject: lib-oauth2: Do not escape '.'
X-Git-Tag: 2.3.14.1~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=213f2fcd80f244c402fb05caf4cb7c7a521dec9a;p=thirdparty%2Fdovecot%2Fcore.git

lib-oauth2: Do not escape '.'

This is not really needed and just makes things difficult.
---

diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index b12cd13875..f0f9e8d162 100644
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -45,10 +45,10 @@ get_time_field(const struct json_tree *tree, const char *key, long *value_r)
 	return 1;
 }
 
-/* Escapes '.', '/' and '%' in identifier to %hex */
+/* Escapes '/' and '%' in identifier to %hex */
 static const char *escape_identifier(const char *identifier)
 {
-	size_t pos = strcspn(identifier, "./%");
+	size_t pos = strcspn(identifier, "/%");
 	/* nothing to escape */
 	if (identifier[pos] == '\0')
 		return identifier;
@@ -59,9 +59,6 @@ static const char *escape_identifier(const char *identifier)
 
 	for (size_t i = pos; i < len; i++) {
 	        switch (identifier[i]) {
-	        case '.':
-	                str_append(new_id, "%2e");
-	                break;
 	        case '/':
 	                str_append(new_id, "%2f");
 	                break;
diff --git a/src/lib-oauth2/test-oauth2-jwt.c b/src/lib-oauth2/test-oauth2-jwt.c
index ba6c320fd1..fa06d003f6 100644
--- a/src/lib-oauth2/test-oauth2-jwt.c
+++ b/src/lib-oauth2/test-oauth2-jwt.c
@@ -323,10 +323,10 @@ static void test_jwt_token_escape(void)
 			"http://test.unit/local%key",
 			"hs256",
 			"http://test.unit/local%key",
-			"http:%2f%2ftest%2eunit%2flocal%25key",
-			"http:%2f%2ftest%2eunit%2flocal%25key"
+			"http:%2f%2ftest.unit%2flocal%25key",
+			"http:%2f%2ftest.unit%2flocal%25key"
 		},
-		{ "../", "hs256", "../", "%2e%2e%2f", "%2e%2e%2f" },
+		{ "../", "hs256", "../", "..%2f", "..%2f" },
 	};
 
 	test_begin("JWT token escaping");
@@ -645,7 +645,7 @@ static void test_jwt_kid_escape(void)
 	 random_fill(ptr, 32);
 	 buffer_t *b64_key = t_base64_encode(0, SIZE_MAX,
 					     secret->data, secret->used);
-	 save_key_to("HS256", "hello%2eworld%2f%25", str_c(b64_key));
+	 save_key_to("HS256", "hello.world%2f%25", str_c(b64_key));
 	/* make a token */
 	buffer_t *tokenbuf = create_jwt_token_kid("HS256", "hello.world/%");
 	/* sign it */