mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-01-19 00:51:37 +01:00
Code Issues Projects Releases Wiki Activity
15,829 Commits 24 Branches 406 Tags
Commit Graph

2 Commits

Author SHA1 Message Date
Willy Tarreau
468c000db0 BUG/MEDIUM: jwt: fix base64 decoding error detection 
Tim reported that a decoding error from the base64 function wouldn't
be matched in case of bad input, and could possibly cause trouble
with -1 being passed in decoded_sig->data. In the case of HMAC+SHA
it is harmless as the comparison is made using memcmp() after checking
for length equality, but in the case of RSA/ECDSA this result is passed
as a size_t to EVP_DigetVerifyFinal() and may depend on the lib's mood.

The fix simply consists in checking the intermediary result before
storing it.

That's precisely what happens with one of the regtests which returned
0 instead of 4 on the intentionally defective token, so the regtest
was fixed as well.

No backport is needed as this is new in this release.
 2021-10-15 11:41:16 +02:00
Remi Tricot-Le Breton
36da606324 REGTESTS: jwt: Add tests for the jwt_verify converter 
This regtest uses the new jwt_header_query, jwt_payload_query and
jwt_verify converters that can be used to validate a JSON Web Token.
 2021-10-14 16:38:14 +02:00