BUG/MEDIUM: jwe: fix NULL deref crash with empty CEK and non-dir alg

In sample_conv_jwt_decrypt_secret(), when a JWE token has an empty encrypted-key section but the algorithm is not "dir" (e.g. A128KW), neither branch initializes decrypted_cek. The NULL pointer is then passed to decrypt_ciphertext() which dereferences it: - For GCM encodings: aes_process() calls b_orig(NULL) -> SIGSEGV - For CBC encodings: b_data(NULL) at jwe.c:463 -> SIGSEGV A single HTTP request with a crafted Authorization header crashes the worker process. Trigger token (JOSE header {"alg":"A128KW","enc":"A128GCM"}, empty CEK section between the two dots): eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0..AAAAAAAAAAAAAAAA.AA.AA Reachable in any configuration using the jwt_decrypt_secret converter. The other two decrypt converters (jwt_decrypt_jwk, jwt_decrypt_cert) already have the check. This must be backported as far as JWE support exists.
2026-04-10 21:41:39 +02:00 · 2026-04-07 09:48:09 +02:00 · 2026-04-07 09:48:09 +02:00 · 717e9aec5f
commit 717e9aec5f
parent ed267f9bc5
1 changed files with 4 additions and 0 deletions
--- a/src/jwe.c
+++ b/src/jwe.c
@ -718,6 +718,10 @@ static int sample_conv_jwt_decrypt_secret(const struct arg *args, struct sample
 			goto end;

 		chunk_memcpy(decrypted_cek, secret_smp.data.u.str.area, secret_smp.data.u.str.data);
+	} else {
+		/* Empty CEK with a non-"dir" algorithm: nothing we can use to
+		 * derive a key. Bail out instead of passing NULL down. */
+		goto end;
 	}

 	/* Decode the encrypted content thanks to decrypted_cek secret */