dgrijalva / jwt-go

ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at:
https://github.com/golang-jwt/jwt
MIT License

Example code is memory insecure #441

Open gardc opened 3 years ago

gardc commented 3 years ago

Referring to this example pointed to by the readme, feeding it an invalid JWT will create a memory panic.

Go playground example.

Checking for err and token.Valid before assuming it's all good in the hood fixes the issue: Go playground example.

johnbalvin commented 3 years ago

Just check the error: https://play.golang.org/p/LG0AFYMhGQm
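
The check discussed in this thread, as an added example that is not part of the original issue and is not jwt-go code. So that it runs with the standard library only, `Token` and `parse` are hypothetical HS256-only stand-ins with the same `(token, err)` return shape; `subject` is the caller pattern: check `err` and `token.Valid` before touching the claims.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Token is a hypothetical stand-in for the library's token type.
type Token struct {
	Claims map[string]interface{}
	Valid  bool
}

// parse is a stand-in parser (HS256 only); malformed input returns a nil *Token.
func parse(raw string, key []byte) (*Token, error) {
	p := strings.Split(raw, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("token has %d segments, want 3", len(p))
	}
	tok := &Token{}
	body, err := base64.RawURLEncoding.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &tok.Claims) != nil {
		return nil, fmt.Errorf("malformed claims segment")
	}
	h := hmac.New(sha256.New, key)
	h.Write([]byte(p[0] + "." + p[1]))
	if !hmac.Equal([]byte(p[2]), []byte(base64.RawURLEncoding.EncodeToString(h.Sum(nil)))) {
		return tok, fmt.Errorf("signature is invalid") // token non-nil, Valid false
	}
	tok.Valid = true
	return tok, nil
}

// subject touches Claims only after err and token.Valid have been checked.
func subject(raw string, key []byte) (string, error) {
	token, err := parse(raw, key)
	if err != nil || token == nil || !token.Valid {
		return "", fmt.Errorf("rejecting token: %v", err)
	}
	sub, _ := token.Claims["sub"].(string)
	return sub, nil
}

func main() {
	fmt.Println(subject("not-a-jwt", []byte("constructed-demo-key")))
}
```

Reading `token.Claims` or `token.Valid` straight after the parse call, without the guard in `subject`, dereferences a nil pointer whenever the input is malformed.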