On Tue, Apr 07, 2026 at 09:48:09AM +0200, Greg Kroah-Hartman wrote:
> Subject: [PATCH 04/10] BUG: jwe: fix NULL deref crash with empty CEK and non-dir alg
>
> In sample_conv_jwt_decrypt_secret(), when a JWE token has an empty
> encrypted-key section but the algorithm is not "dir" (e.g. A128KW),
> neither branch initializes decrypted_cek. The NULL pointer is then
> passed to decrypt_ciphertext() which dereferences it:
>
> - For GCM encodings: aes_process() calls b_orig(NULL) -> SIGSEGV
> - For CBC encodings: b_data(NULL) at jwe.c:463 -> SIGSEGV
>
> A single HTTP request with a crafted Authorization header crashes the
> worker process. Trigger token (JOSE header {"alg":"A128KW","enc":"A128GCM"},
> empty CEK section between the two dots):
>
> eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0..AAAAAAAAAAAAAAAA.AA.AA
>
> Reachable in any configuration using the jwt_decrypt_secret converter.
> The other two decrypt converters (jwt_decrypt_jwk, jwt_decrypt_cert)
> already have the check.
>
> This must be backported as far as JWE support exists.

Merged as a BUG/MEDIUM, thanks!
--
William Lallemand
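The consistency check the patch description says was missing from jwt_decrypt_secret(), as an added illustration in Python (not HAProxy's C code): before touching any key material, verify that the encrypted-key section of a compact JWE agrees with the header's "alg" (empty only for "dir", non-empty for every key-wrapping algorithm). The helper names and `make_token` are constructed for this example; the first token checked below is the one quoted in the report.

```python
import base64
import json


def b64url_decode(s: str) -> bytes:
    """Decode unpadded base64url as used by JOSE compact serialization."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    """Encode to unpadded base64url."""
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def check_jwe_key_section(token: str):
    """Return (ok, reason) for a compact JWE.

    Rejects tokens whose encrypted-key section is inconsistent with the
    header's alg, so a later decrypt step never sees a missing CEK.
    """
    parts = token.split(".")
    if len(parts) != 5:
        return False, f"expected 5 dot-separated sections, got {len(parts)}"
    header_b64, enc_key_b64 = parts[0], parts[1]
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        return False, f"unparseable JOSE header: {exc}"
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str):
        return False, "JOSE header has no string 'alg' member"
    if alg == "dir":
        if enc_key_b64 != "":
            return False, "alg 'dir' requires an empty encrypted-key section"
    elif enc_key_b64 == "":
        # This is the case from the report: non-dir alg, empty CEK section.
        return False, f"alg {alg!r} requires a non-empty encrypted-key section"
    return True, "encrypted-key section consistent with alg"


def make_token(header: dict, enc_key: bytes) -> str:
    """Build a syntactically valid compact JWE with dummy IV/ciphertext/tag
    (constructed test input, not a real encrypted payload)."""
    fields = [json.dumps(header).encode(), enc_key, b"\0" * 12, b"\0", b"\0"]
    return ".".join(b64url_encode(f) for f in fields)


if __name__ == "__main__":
    reported = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0..AAAAAAAAAAAAAAAA.AA.AA"
    print(check_jwe_key_section(reported))
    print(check_jwe_key_section(make_token({"alg": "dir", "enc": "A128GCM"}, b"")))
```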