BUG/MEDIUM: jwt: fix base64 decoding error detection

author Willy Tarreau <w@1wt.eu>

Fri, 15 Oct 2021 09:41:16 +0000 (11:41 +0200)

committer Willy Tarreau <w@1wt.eu>

Fri, 15 Oct 2021 09:41:16 +0000 (11:41 +0200)
author Willy Tarreau <w@1wt.eu>
Fri, 15 Oct 2021 09:41:16 +0000 (11:41 +0200)
committer Willy Tarreau <w@1wt.eu>
Fri, 15 Oct 2021 09:41:16 +0000 (11:41 +0200)
diff --git a/reg-tests/jwt/jws_verify.vtc b/reg-tests/jwt/jws_verify.vtc

index 27a187ff7ec98ed8423766f84fab4242ede034f6..47d5303a4c2674a8ea8e2f6724b94ca942ec3abb 100644 (file)
--- a/reg-tests/jwt/jws_verify.vtc
+++ b/reg-tests/jwt/jws_verify.vtc
@@ -152,7 +152,7 @@ client c4 -connect ${h1_mainfe_sock} {
      rxresp
      expect resp.status == 200
      expect resp.http.x-jwt-alg == "HS512"
-    expect resp.http.x-jwt-verify-HS512 == "0"
+    expect resp.http.x-jwt-verify-HS512 == "4"
  } -run
  
  
diff --git a/src/jwt.c b/src/jwt.c

index fd4626215d39e495b59cb5aee81cd31df906cbd8..0e233059f616631c7dba1533eeaa7217f691101d 100644 (file)
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -292,10 +292,10 @@ enum jwt_vrfy_status jwt_verify(const struct buffer *token, const struct buffer
  {
         struct jwt_item items[JWT_ELT_MAX] = { { 0 } };
         unsigned int item_num = JWT_ELT_MAX;
-
         struct buffer *decoded_sig = NULL;
         struct jwt_ctx ctx = {};
         enum jwt_vrfy_status retval = JWT_VRFY_KO;
+       int ret;
  
         ctx.alg = jwt_parse_alg(alg->area, alg->data);
  
@@ -325,13 +325,14 @@ enum jwt_vrfy_status jwt_verify(const struct buffer *token, const struct buffer
         if (!decoded_sig)
                 return JWT_VRFY_OUT_OF_MEMORY;
  
-       decoded_sig->data = base64urldec(ctx.signature.start, ctx.signature.length,
-                                        decoded_sig->area, decoded_sig->size);
-       if (decoded_sig->data == (unsigned int)-1) {
+       ret = base64urldec(ctx.signature.start, ctx.signature.length,
+                          decoded_sig->area, decoded_sig->size);
+       if (ret == -1) {
                 retval = JWT_VRFY_INVALID_TOKEN;
                 goto end;
         }
  
+       decoded_sig->data = ret;
         ctx.key = key->area;
         ctx.key_length = key->data;
author	Willy Tarreau <w@1wt.eu>
	Fri, 15 Oct 2021 09:41:16 +0000 (11:41 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Fri, 15 Oct 2021 09:41:16 +0000 (11:41 +0200)
reg-tests/jwt/jws_verify.vtc		patch \| blob \| blame \| history
src/jwt.c		patch \| blob \| blame \| history