BUG/MEDIUM: jwt: fix base64 decoding error detection

Tim reported that a decoding error from the base64 function wouldn't
be matched in case of bad input, and could possibly cause trouble
with -1 being passed in decoded_sig->data. In the case of HMAC+SHA
it is harmless as the comparison is made using memcmp() after checking
for length equality, but in the case of RSA/ECDSA this result is passed
as a size_t to EVP_DigetVerifyFinal() and may depend on the lib's mood.

The fix simply consists in checking the intermediary result before
storing it.

That's precisely what happens with one of the regtests which returned
0 instead of 4 on the intentionally defective token, so the regtest
was fixed as well.

No backport is needed as this is new in this release.
This commit is contained in:
Willy Tarreau 2021-10-15 11:41:16 +02:00
parent 7b232f132d
commit 468c000db0
2 changed files with 6 additions and 5 deletions

View File

@ -152,7 +152,7 @@ client c4 -connect ${h1_mainfe_sock} {
rxresp
expect resp.status == 200
expect resp.http.x-jwt-alg == "HS512"
expect resp.http.x-jwt-verify-HS512 == "0"
expect resp.http.x-jwt-verify-HS512 == "4"
} -run

View File

@ -292,10 +292,10 @@ enum jwt_vrfy_status jwt_verify(const struct buffer *token, const struct buffer
{
struct jwt_item items[JWT_ELT_MAX] = { { 0 } };
unsigned int item_num = JWT_ELT_MAX;
struct buffer *decoded_sig = NULL;
struct jwt_ctx ctx = {};
enum jwt_vrfy_status retval = JWT_VRFY_KO;
int ret;
ctx.alg = jwt_parse_alg(alg->area, alg->data);
@ -325,13 +325,14 @@ enum jwt_vrfy_status jwt_verify(const struct buffer *token, const struct buffer
if (!decoded_sig)
return JWT_VRFY_OUT_OF_MEMORY;
decoded_sig->data = base64urldec(ctx.signature.start, ctx.signature.length,
ret = base64urldec(ctx.signature.start, ctx.signature.length,
decoded_sig->area, decoded_sig->size);
if (decoded_sig->data == (unsigned int)-1) {
if (ret == -1) {
retval = JWT_VRFY_INVALID_TOKEN;
goto end;
}
decoded_sig->data = ret;
ctx.key = key->area;
ctx.key_length = key->data;