In my use case I use HS256, so it's a shared secret, normally using a string with an environment variable or something, not a key file. The jwt mod expects a file to load up the secret/key. So I just create a file with the secret inside the file, but I keep getting:
```
failed to decode jwt value
```
After digging into the source and trying to debug, it looks like when it's handling a secret in a file the kdata.len is off by one.
This is the dirty fix for me. ``` diff --git a/src/modules/jwt/jwt_mod.c b/src/modules/jwt/jwt_mod.c index 233a0709..a67d0b89 100644 --- a/src/modules/jwt/jwt_mod.c +++ b/src/modules/jwt/jwt_mod.c @@ -509,7 +509,7 @@ static int ki_jwt_verify(sip_msg_t* msg, str *key, str *alg, str *claims, } }
- ret = jwt_decode(&jwt, jwtval->s, (unsigned char*)kdata.s, (size_t)kdata.len); + ret = jwt_decode(&jwt, jwtval->s, (unsigned char*)kdata.s, (size_t)kdata.len-1); if (ret!=0 || jwt==NULL) { LM_ERR("failed to decode jwt value\n"); goto error; ```
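Review bot: on the changed `jwt_decode()` call, `(size_t)kdata.len-1` drops the last byte unconditionally. A key file saved without a trailing newline then loses the last character of the secret, a CRLF-terminated file still leaves a stray `\r` in the key, and because the cast binds before the subtraction, a `kdata.len` of 0 wraps around to a huge `size_t`. Suggest stripping trailing whitespace/EOL bytes from `kdata` where the file is read, rejecting an empty result, and passing the resulting length to `jwt_decode()` unchanged.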
Looks like an easy fix, but might be something related to line/file endings coming from different platforms. Maybe @miconda can comment as well.
Closed #3282 as completed.
Indeed, I also expect there to be some whitespace/EoL at the end of the file. I just pushed a patch to trim the key value. If still not working, re-open.
For the record, I just added a function that gets the key value as a parameter, which should allow getting it from an env variable, without the need to go through file storage. It is in the master branch.
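An added example, not code from this thread or from Kamailio: a stdlib-only HS256 check showing why a key file's trailing EOL breaks verification, and how the unconditional `len-1` compares with trimming. The secret, claims, and helper names are constructed for illustration, and Python is used here only because it ships HMAC-SHA256.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(claims: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = (json.dumps(p, separators=(",", ":")).encode() for p in (header, claims))
    signing_input = ".".join(b64url(p) for p in parts)
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)


def verify_hs256(token: str, key: bytes) -> bool:
    try:
        signing_input, sig = token.rsplit(".", 1)
    except ValueError:  # no '.' separator: not a JWT
        return False
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(mac).encode(), sig.encode())


def key_minus_one(raw: bytes) -> bytes:
    """The 'dirty fix': always drop the last byte of the file content."""
    return raw[:-1]


def key_trimmed(raw: bytes) -> bytes:
    """Strip only trailing whitespace/EOL bytes, however many there are."""
    return raw.rstrip(b" \t\r\n")


SECRET = b"constructed-demo-secret"  # constructed sample value
TOKEN = sign_hs256({"sub": "alice"}, SECRET)
# Constructed key-file contents as different editors/platforms would save them.
KEY_FILES = {"LF": SECRET + b"\n", "CRLF": SECRET + b"\r\n", "no EOL": SECRET}


def results() -> dict:
    """Per file: (raw bytes verify?, len-1 verifies?, trimmed verifies?)."""
    return {name: tuple(verify_hs256(TOKEN, k)
                        for k in (raw, key_minus_one(raw), key_trimmed(raw)))
            for name, raw in KEY_FILES.items()}
```

Trimming assumes the secret is text; a binary secret whose last byte happens to be whitespace would be altered by it.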