apr_jwe_decrypt_content_aesgcm() fails to null terminate string

OpenIDC / mod_auth_openidc

OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x

Apache License 2.0

990 stars 327 forks source link

apr_jwe_decrypt_content_aesgcm() fails to null terminate string #128

Closed jdennis closed 8 years ago

jdennis commented 8 years ago

The test test_jwt_decrypt_gcm() in test.c would sometimes fail. The failure was caused by extra garbage appearing in the decrypted string after the expected string. This is due to the failure of apr_jwe_decrypt_content_aesgcm() to null terminate the string as is similarity done in apr_jwe_decrypt_content_aescbc().

There is a patch and pull request to fix this: https://github.com/pingidentity/mod_auth_openidc/pull/127

zandbelt commented 8 years ago

thanks for reporting and fixing; I will review and merge asap