eden-emu/cpp-jwt
14
0
Fork 0
mirror of https://github.com/arun11299/cpp-jwt.git synced 2025-05-14 16:58:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #32 from meastman/json-decode-out-of-bounds-read

Browse source 
Fix out of bounds read in base64_decode
This commit is contained in:
Arun Muralidharan 2018-10-04 07:31:09 +05:30 committed by GitHub
commit 5804dba959
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
include/jwt/base64.hpp
View file

@ -200,7 +200,7 @@ inline std::string base64_decode(const char* in, size_t len)
constexpr static const DMap dmap{};
while (dmap.at(in[bytes_rem - 1]) == -1) { bytes_rem--; }
while (bytes_rem > 0 && dmap.at(in[bytes_rem - 1]) == -1) { bytes_rem--; }
while (bytes_rem > 4)
{

14
tests/test_jwt_decode.cc
View file

@ -64,6 +64,20 @@ TEST (DecodeTest, DecodeInvalidHeader)
}
TEST (DecodeTest, DecodeEmptyHeader)
{
using namespace jwt::params;
const char* enc_str =
".eyJhdWQiOiJyaWZ0LmlvIiwiZXhwIjoxNTEzODYzMzcxLCJzdWIiOiJub3RoaW5nIG11Y2gifQ.";
std::error_code ec;
auto obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret(""), verify(true));
ASSERT_TRUE (ec);
EXPECT_EQ (ec.value(), static_cast<int>(jwt::DecodeErrc::JsonParseError));
}
TEST (DecodeTest, DecodeInvalidPayload)
{
using namespace jwt::params;