Moemen,

On 4/2/21 1:38 AM, Moemen MHEDHBI wrote:
Subject: [PATCH 1/2] MINOR: sample: add ub64dec and ubase64 converters

ub64dec and ubase64 are the base64url equivalent of b64dec and base64
converters. base64url encoding is the "URL and Filename Safe Alphabet"
variant of base64 encoding. It is also used in JWT (JSON Web Token)
standard.
---
 doc/configuration.txt    | 11 ++++++++
 include/haproxy/base64.h |  2 ++
 src/base64.c             | 54 +++++++++++++++++++++++++++++++++++++++-
 src/sample.c             | 38 ++++++++++++++++++++++++++++
 4 files changed, 104 insertions(+), 1 deletion(-)

Consider adding a reg-test.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 7048fb63e..10098adef 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -15494,6 +15494,17 @@ base64
   transfer binary content in a way that can be reliably transferred (e.g.
   an SSL ID can be copied in a header).
+ub64dec
+  This converter is the base64url variant of b64dec converter. base64url
+       encoding is the "URL and Filename Safe Alphabet" variant of base64 
encoding.
+       It is also the encoding used in JWT (JSON Web Token) standard.
+
+       Example:
+         http-request set-var(txn.token_payload) 
req.hdr(Authorization),word(2,.),ub64dec
+
+ubase64
+  This converter is the base64url variant of base64 converter.

This is not alphabetically sorted.

 bool
   Returns a boolean TRUE if the input value of type signed integer is
   non-null, otherwise returns FALSE. Used in conjunction with and(), it can be
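Review bot: The new ub64dec and ubase64 entries do not say how '=' padding is handled or what the converter returns on invalid input. JWT segments are base64url without padding, so the `word(2,.),ub64dec` example depends on that behaviour, and one sentence on each point would settle it. The continuation lines of the ub64dec description are also indented deeper than its first line, while the neighbouring bool entry uses a uniform two-space indent.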
diff --git a/src/base64.c b/src/base64.c
index 53e4d65b2..38902523f 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -138,6 +138,58 @@ int base64dec(const char *in, size_t ilen, char *out, 
size_t olen) {
        return convlen;
 }
+/* url variant of a2base64 */
+int a2base64url(char *in, int ilen, char *out, int olen){

I know that the existing functions also use 'int', but I'm pretty annoyed by not using 'size_t' for buffer sizes :-)

[...]
+int base64urldec(const char *in, size_t ilen, char *out, size_t olen) {
+       char conv[ilen+2];

This looks like a remotely triggerable stack overflow.

[...]
/* Converts the lower 30 bits of an integer to a 5-char base64 string. The
  * caller is responsible for ensuring that the output buffer can accept 6 bytes
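Review bot: In base64urldec, `char conv[ilen+2];` is the first statement of the function, so the stack array is sized from the caller-supplied input length before any bound can be applied. Check ilen against a fixed maximum (or against what olen can hold) and return an error before any buffer is set up, or replace the variable-length array with a bounded buffer. Separately, a2base64url takes `int ilen` and `int olen` while base64urldec takes `size_t`; using size_t in both keeps the pair consistent.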

Best regards
Tim Düsterhus
