From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 21 Jun 2025 12:59:41 +0000 (+0000)
Subject: JWT: Normalize base64 data before decoding
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9ce8672134d5ca8a10bde011ab5ec716ece0491d;p=pakfire.git

JWT: Normalize base64 data before decoding

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/pakfire/jwt.c b/src/pakfire/jwt.c
index 21444ddd..20fa9fb6 100644
--- a/src/pakfire/jwt.c
+++ b/src/pakfire/jwt.c
@@ -63,6 +63,7 @@ static int pakfire_jwt_find_payload(const char* token, const char** payload, siz
 }
 
 static int pakfire_jwt_decode_payload(char** payload, size_t* length, const char* token) {
+	char* normalized = NULL;
 	const char* p = NULL;
 	size_t l = 0;
 	int r;
@@ -70,10 +71,21 @@ static int pakfire_jwt_decode_payload(char** payload, size_t* length, const char
 	// Find the payload
 	r = pakfire_jwt_find_payload(token, &p, &l);
 	if (r < 0)
-		return r;
+		goto ERROR;
+
+	// Normalize to standard base64
+	r = pakfire_b64normalize(&normalized, p, l);
+	if (r < 0)
+		goto ERROR;
 
 	// Decode the payload
-	return pakfire_b64decode((unsigned char**)payload, length, p, l);
+	r = pakfire_b64decode((unsigned char**)payload, length, normalized, -1);
+
+ERROR:
+	if (normalized)
+		free(normalized);
+
+	return r;
 }
 
 int pakfire_jwt_payload(struct pakfire_ctx* ctx, const char* token, struct json_object** payload) {