From: Willy Tarreau <w@1wt.eu>
Date: Fri, 15 Oct 2021 10:10:24 +0000 (+0200)
Subject: BUG/MEDIUM: sample/jwt: fix another instance of base64 error detection
X-Git-Tag: v2.5-dev10~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e20e026033385d71f0abfd63cc31dc334a8d1665;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: sample/jwt: fix another instance of base64 error detection

This is the same as for commit 468c000db ("BUG/MEDIUM: jwt: fix base64
decoding error detection"), but for function sample_conv_jwt_member_query()
that is used by sample converters jwt_header_query() and jwt_payload_query().
Thanks to Tim for the report. No backport is needed.
---

diff --git a/src/sample.c b/src/sample.c
index de45245e93..47ccfbb0b3 100644
--- a/src/sample.c
+++ b/src/sample.c
@@ -3561,6 +3561,7 @@ static int sample_conv_jwt_member_query(const struct arg *args, struct sample *s
 	unsigned int item_num = member + 1; /* We don't need to tokenize the full token */
 	struct buffer *decoded_header = get_trash_chunk();
 	int retval = 0;
+	int ret;
 
 	jwt_tokenize(&smp->data.u.str, items, &item_num);
 
@@ -3571,12 +3572,12 @@ static int sample_conv_jwt_member_query(const struct arg *args, struct sample *s
 	if (!decoded_header)
 		goto end;
 
-	decoded_header->data = base64urldec(items[member].start, items[member].length,
-					    decoded_header->area, decoded_header->size);
-
-	if (decoded_header->data == (unsigned int)-1)
+	ret = base64urldec(items[member].start, items[member].length,
+	                   decoded_header->area, decoded_header->size);
+	if (ret == -1)
 		goto end;
 
+	decoded_header->data = ret;
 	if (args[0].type != ARGT_STR) {
 		smp->data.u.str = *decoded_header;
 		smp->data.type = SMP_T_STR;