Skip to content

Commit 453cb75

Browse files
TimUnderhayTimUnderhay
committed
Key length fix
1 parent ae738dd commit 453cb75

File tree

1 file changed

+9
-6
lines changed

1 file changed

+9
-6
lines changed

src/ngx_http_auth_jwt_module.c

Lines changed: 9 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -131,6 +131,7 @@ static ngx_int_t ngx_http_auth_jwt_handler(ngx_http_request_t *r)
131131
time_t exp;
132132
time_t now;
133133
ngx_str_t auth_jwt_algorithm;
134+
int keylen;
134135

135136
jwtcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_jwt_module);
136137

@@ -151,8 +152,9 @@ static ngx_int_t ngx_http_auth_jwt_handler(ngx_http_request_t *r)
151152
auth_jwt_algorithm = jwtcf->auth_jwt_algorithm;
152153
if (auth_jwt_algorithm.len == 0 || (auth_jwt_algorithm.len == sizeof("HS256") - 1 && ngx_strncmp(auth_jwt_algorithm.data, "HS256", sizeof("HS256") - 1)==0))
153154
{
154-
ngx_log_debug(NGX_LOG_DEBUG, r->connection->log, 0, "got to 0");
155-
keyBinary = ngx_palloc(r->pool, jwtcf->auth_jwt_key.len / 2);
155+
ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0, "got to 0");
156+
keylen = jwtcf->auth_jwt_key.len / 2;
157+
keyBinary = ngx_palloc(r->pool, keylen);
156158
if (0 != hex_to_binary((char *)jwtcf->auth_jwt_key.data, keyBinary, jwtcf->auth_jwt_key.len))
157159
{
158160
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "failed to turn hex key into binary");
@@ -162,15 +164,16 @@ static ngx_int_t ngx_http_auth_jwt_handler(ngx_http_request_t *r)
162164
else if ( auth_jwt_algorithm.len == sizeof("RS256") - 1 && ngx_strncmp(auth_jwt_algorithm.data, "RS256", sizeof("RS256") - 1) == 0 )
163165
{
164166
// in this case, 'Binary' is a misnomer, as it is the private key string itself
165-
ngx_log_debug(NGX_LOG_DEBUG, r->connection->log, 0, "got to 1");
167+
ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0, "got to 1");
166168
keyBinary = ngx_palloc(r->pool, jwtcf->auth_jwt_key.len);
167169
ngx_memcpy(keyBinary, jwtcf->auth_jwt_key.data, jwtcf->auth_jwt_key.len);
168-
170+
keylen = jwtcf->auth_jwt_key.len;
169171
}
170172

171173
// validate the jwt
172-
ngx_log_debug(NGX_LOG_DEBUG, r->connection->log, 0, "trying to decode JWT");
173-
jwtParseReturnCode = jwt_decode(&jwt, jwtCookieValChrPtr, keyBinary, jwtcf->auth_jwt_key.len / 2);
174+
ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0, "trying to decode JWT");
175+
jwtParseReturnCode = jwt_decode(&jwt, jwtCookieValChrPtr, keyBinary, keylen);
176+
174177
if (jwtParseReturnCode != 0)
175178
{
176179
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "failed to parse jwt");

0 commit comments

Comments
 (0)