prosody: Changeset 12738:62100f31eb8a
util.jwt: More robust ECDSA signature parsing, fail early on unexpected length
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 30 Sep 2022 20:38:31 +0100 |
parents | 12737:924bc1c8d0d9 |
children | 12739:0dc80024fdd2 |
files | util/jwt.lua |
diffstat | 1 files changed, 5 insertions(+), 1 deletions(-) |
--- a/util/jwt.lua Fri Sep 30 00:27:10 2022 +0200 +++ b/util/jwt.lua Fri Sep 30 20:38:31 2022 +0100 @@ -141,8 +141,12 @@ return r..s; end + local expected_sig_length = sig_bytes*2; local function decode_ecdsa_sig(jwk_sig) - return crypto.build_ecdsa_signature(jwk_sig:sub(1, sig_bytes), jwk_sig:sub(sig_bytes+1, sig_bytes*2)); + if #jwk_sig ~= expected_sig_length then + return nil; + end + return crypto.build_ecdsa_signature(jwk_sig:sub(1, sig_bytes), jwk_sig:sub(sig_bytes+1)); end return new_crypto_algorithm(name, "id-ecPublicKey", c_sign, c_verify, encode_ecdsa_sig, decode_ecdsa_sig); end
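
Review bot: decode_ecdsa_sig now returns nil when #jwk_sig differs from expected_sig_length, but nothing visible in this hunk shows the consumer of that value (the verify path assembled by new_crypto_algorithm) treating nil as a failed verification before it reaches c_verify. Worth confirming that path rejects the token outright instead of passing nil on, and adding tests with a signature one byte shorter and one byte longer than sig_bytes*2. A one-line comment on expected_sig_length stating that the signature is the fixed-width concatenation r..s would also make clear why jwk_sig:sub(sig_bytes+1) is safe without an upper bound only because the length check runs first.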