[Libreoffice-commits] online.git: fuzzer/admin-data wsd/Auth.cpp

Miklos Vajna (via logerrit) logerrit at kemper.freedesktop.org
Fri Apr 3 07:18:36 UTC 2020


 fuzzer/admin-data/crash-4e217e0c18bc938cbe7b4c7eeec25208c09b0f56 |binary
 fuzzer/admin-data/crash-ba9e8295835983c8b0b3f92ec5ef65cc76e78f12 |    1 +
 wsd/Auth.cpp                                                     |    6 ++++++
 3 files changed, 7 insertions(+)

New commits:
commit fc88a872c2af0bae41d6e48c9e493900bfc78b38
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Thu Apr 2 17:30:14 2020 +0200
Commit:     Miklos Vajna <vmiklos at collabora.com>
CommitDate: Fri Apr 3 09:18:18 2020 +0200

    admin console: log when JWTAuth::verify() doesn't have enough tokens
    
    This is no longer a huge problem, but it's still a good idea to return
    early in that case.
    
    Found with the recently added admin_fuzzer, when I locally disabled the
    StringVector safety checks for test purposes.
    
    (If you view the diff with -U30, then you see that we access tokens[2]
    later, so if size is < 3, we should give up.)
    
    Change-Id: I46fc531fb042cc1485a17a9e994ad37e9ff0cd80
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91587
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Miklos Vajna <vmiklos at collabora.com>

diff --git a/fuzzer/admin-data/crash-4e217e0c18bc938cbe7b4c7eeec25208c09b0f56 b/fuzzer/admin-data/crash-4e217e0c18bc938cbe7b4c7eeec25208c09b0f56
new file mode 100644
index 000000000..73143ee96
Binary files /dev/null and b/fuzzer/admin-data/crash-4e217e0c18bc938cbe7b4c7eeec25208c09b0f56 differ
diff --git a/fuzzer/admin-data/crash-ba9e8295835983c8b0b3f92ec5ef65cc76e78f12 b/fuzzer/admin-data/crash-ba9e8295835983c8b0b3f92ec5ef65cc76e78f12
new file mode 100644
index 000000000..7b3507ff5
--- /dev/null
+++ b/fuzzer/admin-data/crash-ba9e8295835983c8b0b3f92ec5ef65cc76e78f12
@@ -0,0 +1 @@
+auth jwt=eyJakilliwiZXhwIjoiMTU4NTU3O3hbGciOiJ€UzI1NiIsInR5MJ0.DM1NeyJpc3MiOiJiJ9
\ No newline at end of file
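Review bot: the commit message does not say which of the two added corpus files reaches the new short-token path, and the binary one cannot be inspected from the diff. This text input has a single '.' in the jwt value, so if `tokens` is the access token split on '.' (the split is not visible in this patch) it yields two parts and covers the `tokens.size() < 3` check. A sentence in the commit message naming what each crash file exercises would make the corpus easier to maintain.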
diff --git a/wsd/Auth.cpp b/wsd/Auth.cpp
index c1a159748..a5f1a9fd0 100644
--- a/wsd/Auth.cpp
+++ b/wsd/Auth.cpp
@@ -105,6 +105,12 @@ bool JWTAuth::verify(const std::string& accessToken)
 
     try
     {
+        if (tokens.size() < 3)
+        {
+            LOG_INF("JWTAuth: verification failed; Not enough tokens");
+            return false;
+        }
+
         const std::string encodedBody = tokens[0] + '.' + tokens[1];
         _digestEngine.update(encodedBody.c_str(), static_cast<unsigned>(encodedBody.length()));
         Poco::Crypto::DigestEngine::Digest digest = _digestEngine.signature();
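Review bot: the new `tokens.size() < 3` guard reports a failed admin authentication through `LOG_INF` and without the actual count, so a malformed token is easy to miss in production logs and harder to triage. Consider a warning-level log that includes `tokens.size()` (not the token itself). The literal 3 would also benefit from a short comment saying the signature is read from `tokens[2]` further down, since that access is outside this hunk's context and is only explained in the commit message. The size check cannot throw, so it could sit before the `try` rather than inside it.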

