arun11299 / cpp-jwt

JSON Web Token library for C++
MIT License
393 stars 112 forks source link

Empty signature part triggers assert #90

Open GeneratedNickname opened 3 years ago

GeneratedNickname commented 3 years ago

jwt_object::three_parts tries to read part three with negative length. Expected: Some kind of invalid_format error.

Reproduction:

jwt::decode("eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJtdl9jbGFpbSI6WyJmaXJzdCIsInNlY29uZCJdfQ.", jwt::params::algorithms({alg_to_str(jwt::algorithm::NONE)}), jwt::params::verify(false));