authorMatthew Wild <mwild1@gmail.com>2022-09-30 20:38:31 +0100
committerMatthew Wild <mwild1@gmail.com>2022-09-30 20:38:31 +0100
commite7bfb40a324c806c350f4c87cd41e3b83033377e (patch)
tree45337ec6d78504c7e952222263173592ee892e63 /util
parent70e54affa0d780922bd68bc12d411d59c4dbcf81 (diff)
downloadprosody-e7bfb40a324c806c350f4c87cd41e3b83033377e.tar.gz
prosody-e7bfb40a324c806c350f4c87cd41e3b83033377e.zip
util.jwt: More robust ECDSA signature parsing, fail early on unexpected length
Diffstat (limited to 'util')
-rw-r--r--util/jwt.lua6
1 files changed, 5 insertions, 1 deletions
diff --git a/util/jwt.lua b/util/jwt.lua
index 0c878efb..42a9f7f2 100644
--- a/util/jwt.lua
+++ b/util/jwt.lua
@@ -141,8 +141,12 @@ local function new_ecdsa_algorithm(name, c_sign, c_verify, sig_bytes)
return r..s;
end
+ local expected_sig_length = sig_bytes*2;
local function decode_ecdsa_sig(jwk_sig)
- return crypto.build_ecdsa_signature(jwk_sig:sub(1, sig_bytes), jwk_sig:sub(sig_bytes+1, sig_bytes*2));
+ if #jwk_sig ~= expected_sig_length then
+ return nil;
+ end
+ return crypto.build_ecdsa_signature(jwk_sig:sub(1, sig_bytes), jwk_sig:sub(sig_bytes+1));
end
return new_crypto_algorithm(name, "id-ecPublicKey", c_sign, c_verify, encode_ecdsa_sig, decode_ecdsa_sig);
end
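Review bot: The new `return nil` in decode_ecdsa_sig is only safe if the verify wrapper built by new_crypto_algorithm treats a nil decoded signature as a failed verification. That wrapper is outside this hunk, so this needs confirming: if it passes the value straight to `c_verify`, a wrong-length signature could raise an error instead of being rejected cleanly. The length operator would also throw if `jwk_sig` is ever nil, for example after a failed base64url decode upstream, so the guard could read `if not jwk_sig or #jwk_sig ~= expected_sig_length then`. A short comment above the check would record why the length must be exact, e.g. `-- JWS ECDSA signatures are fixed-length R||S (RFC 7518 section 3.4); reject anything else before building the ASN.1 form`. A test that verifies tokens with truncated and over-long signatures would pin the fail-early behaviour.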