From a0658c3cf3b4e93c9f7e27874ec2817758d6c61e Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Fri, 20 Jan 2023 09:37:26 +0100 Subject: [PATCH] BUG/MINOR: jwt: Wrong return value checked The wrong return value was checked, resulting in dead code and potential bugs. It should fix GitHub issue #2005. This patch should be backported up to 2.5. --- reg-tests/jwt/jws_verify.vtc | 3 ++- src/jwt.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/reg-tests/jwt/jws_verify.vtc b/reg-tests/jwt/jws_verify.vtc index 3aaf8d8..d9a6328 100644 --- a/reg-tests/jwt/jws_verify.vtc +++ b/reg-tests/jwt/jws_verify.vtc @@ -265,7 +265,8 @@ client c12 -connect ${h1_mainfe_sock} { rxresp expect resp.status == 200 expect resp.http.x-jwt-alg == "ES512" - expect resp.http.x-jwt-verify-ES512 == "0" + # Invalid token + expect resp.http.x-jwt-verify-ES512 == "-3" } -run diff --git a/src/jwt.c b/src/jwt.c index a17af18..b901588 100644 --- a/src/jwt.c +++ b/src/jwt.c @@ -331,7 +331,7 @@ jwt_jwsverify_rsa_ecdsa(const struct jwt_ctx *ctx, struct buffer *decoded_signat */ if (is_ecdsa) { int conv_retval = convert_ecdsa_sig(ctx, entry->pkey, decoded_signature); - if (retval != 0) { + if (conv_retval != 0) { retval = conv_retval; goto end; } -- 1.7.10.4