# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1664566711 -3600
# Node ID 62100f31eb8a25dab0f638f80ea0561568b253a9
# Parent  924bc1c8d0d9ec3c90b28a4d97008d62813ccd38
util.jwt: More robust ECDSA signature parsing, fail early on unexpected length

diff -r 924bc1c8d0d9 -r 62100f31eb8a util/jwt.lua
--- a/util/jwt.lua	Fri Sep 30 00:27:10 2022 +0200
+++ b/util/jwt.lua	Fri Sep 30 20:38:31 2022 +0100
@@ -141,8 +141,12 @@
 		return r..s;
 	end
 
+	local expected_sig_length = sig_bytes*2;
 	local function decode_ecdsa_sig(jwk_sig)
-		return crypto.build_ecdsa_signature(jwk_sig:sub(1, sig_bytes), jwk_sig:sub(sig_bytes+1, sig_bytes*2));
+		if #jwk_sig ~= expected_sig_length then
+			return nil;
+		end
+		return crypto.build_ecdsa_signature(jwk_sig:sub(1, sig_bytes), jwk_sig:sub(sig_bytes+1));
 	end
 	return new_crypto_algorithm(name, "id-ecPublicKey", c_sign, c_verify, encode_ecdsa_sig, decode_ecdsa_sig);
 end