TeslaGov / ngx-http-auth-jwt-module

Secure your NGINX locations with JWT
MIT License

may be a crash #53

Closed xielei296 closed 4 years ago

xielei296 commented 4 years ago

Hi, TeslaGov, I use it in a project. It works well. Thanks for your awesome JWT module. But I found a problem while testing by using the HTTP header segment (empty JWT string): "Authorization: Bearer "

Line 429: authorizationHeaderStr.len = authorizationHeader->value.len - (sizeof("Bearer ") - 1); authorizationHeaderStr.len may be negative and would lead to a crash.

Suggested fix: ngx-http-auth-jwt-module.c line 424: if (authorizationHeader != NULL) -> if (authorizationHeader != NULL && authorizationHeader->value.len > 1)

xielei296 commented 4 years ago

if (authorizationHeader != NULL) -> if (authorizationHeader != NULL && authorizationHeader->value.len > 10)

fitzyjoe commented 4 years ago

Thank you for reporting this. It had been previously reported in this post:

https://github.com/TeslaGov/ngx-http-auth-jwt-module/issues/40

I will make the change.
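
Added example, not part of the thread and not the module's own code: the subtraction quoted in the report next to a length-checked prefix strip. nginx's ngx_str_t stores len as a size_t, so a value shorter than "Bearer " makes the unchecked subtraction wrap to a huge length. The str_t type, str_from, unchecked_token_len and extract_bearer_token are hypothetical stand-ins, and the header values are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for nginx's ngx_str_t: byte length plus pointer, not NUL-terminated. */
typedef struct { size_t len; const unsigned char *data; } str_t;

#define BEARER "Bearer "
#define BEARER_LEN (sizeof(BEARER) - 1)   /* 7 */

/* Hypothetical helper: wrap a C string as a str_t. */
static str_t str_from(const char *s)
{
    str_t v = { strlen(s), (const unsigned char *) s };
    return v;
}

/* The subtraction quoted in the issue, with no length check first. */
static size_t unchecked_token_len(size_t header_len)
{
    return header_len - BEARER_LEN;       /* wraps when header_len < 7 */
}

/* Hypothetical hardened form: 0 and *token set on success, -1 otherwise. */
static int extract_bearer_token(const str_t *header, str_t *token)
{
    if (header == NULL || header->data == NULL || token == NULL)
        return -1;
    if (header->len <= BEARER_LEN)        /* too short, or prefix with empty token */
        return -1;
    if (memcmp(header->data, BEARER, BEARER_LEN) != 0)
        return -1;                        /* other scheme (case-sensitive in this sketch) */
    token->data = header->data + BEARER_LEN;
    token->len  = header->len - BEARER_LEN;   /* safe: len > BEARER_LEN */
    return 0;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "Bearer", "Bearer ", "Basic abc", "Bearer a.b.c" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        str_t h = str_from(samples[i]), t = { 0, NULL };
        int rc = extract_bearer_token(&h, &t);
        printf("%-14s unchecked=%zu checked rc=%d len=%zu\n",
               samples[i], unchecked_token_len(h.len), rc, t.len);
    }
    return 0;
}
```

Comparing the length against the prefix length, rather than a fixed number, also rejects a header that carries the prefix but no token.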