diff options
| author | Matthew Wild <mwild1@gmail.com> | 2023-01-13 14:35:01 +0000 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2023-01-13 14:35:01 +0000 |
| commit | f987c4343e1829d6bd8ac7e5f74f189dc4f66da3 (patch) | |
| tree | 7a49d3476d93d820dffef93672f5883b5a043c4b /util | |
| parent | 26dc334ae315c37477c8f54d5d04d707215e2769 (diff) | |
| download | prosody-f987c4343e1829d6bd8ac7e5f74f189dc4f66da3.tar.gz prosody-f987c4343e1829d6bd8ac7e5f74f189dc4f66da3.zip | |
util.paseto: Stricter base64 decoding, as per spec
Diffstat (limited to 'util')
| -rw-r--r-- | util/paseto.lua | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/util/paseto.lua b/util/paseto.lua index 8b564c96..44210b1e 100644 --- a/util/paseto.lua +++ b/util/paseto.lua @@ -14,7 +14,18 @@ local b64url_rep = { ["+"] = "-", ["/"] = "_", ["="] = "", ["-"] = "+", ["_"] = local function b64url(data) return (s_gsub(base64_encode(data), "[+/=]", b64url_rep)); end + +local valid_tails = { + nil; -- Always invalid + "^.[AQgw]$"; -- b??????00 + "^..[AQgwEUk0IYo4Mcs8]$"; -- b????0000 +} + local function unb64url(data) + local rem = #data%4; + if data:sub(-1,-1) == "=" or rem == 1 or (rem > 1 and not data:sub(-rem):match(valid_tails[rem])) then + return nil; + end return base64_decode(s_gsub(data, "[-_]", b64url_rep).."=="); end |