Skip to content

Security release for v2.1.1

Latest
Latest
Compare
Choose a tag to compare
@benmcollins benmcollins released this 21 Dec 13:48
· 138 commits to master since this release
v2.1.1
This tag was signed with the committer’s verified signature.
benmcollins Ben Collins
GPG key ID: 5D5A57C7242B22CF
Learn about vigilant mode.
f5eef78
This commit was signed with the committer’s verified signature.
benmcollins Ben Collins
GPG key ID: 5D5A57C7242B22CF
Learn about vigilant mode.

jwt_decode_2(): Security vulnerability

This function had faulty logic based on some assumptions that it could trust the JWT in that if it was alg:none, it would not run the callback.

The assumption would allow an attacker to modify the JWT header and body and trick the function into returning without having retrieved a key from the cb, meaning no verification of the signature was done, and it retuned as if everything was successful.

The caller of jwt_decode_2 has no real way to know that their cb was never run.

As an aside, it was found that some of the test cases were assuming that you could call jwt_decode_2 with key_provider == NULL. This doesn't make much sense, considering there's no way to pass a key without a key_provider.

In this instance, if passed a JWT with alg:none, this was fine. If called with any other alg type, the code would attempt to run the NULL ``key_provider` and produce a SEGV.

RESOLUTION

  • jwt_decode_2 will always run the key_provider if passed, assuming there was not a previous error.
  • Always check key_provider for NULL before using it
  • If no key_provider, but JWT had alg != none, processing fails

NOTES:

  • jwt_decode() and jwt_decode_2() are being deprecated in favor more robust functionality.

Pre-built packages

Ubuntu ppa

Assets 3
Loading