Merge pull request #52 from curityio/fix/master/issue-50-large-jwt

anestos · web-flow · commit 06c92541eb59 · 2021-10-21T12:16:38.000+02:00
Fix corruption of large JWTs when cache is enabled
diff --git a/phantom_token.c b/phantom_token.c
@@ -632,10 +632,10 @@ static ngx_int_t introspection_response_handler(ngx_http_request_t *request, voi
     ngx_str_t cache_data = ngx_null_string;
 
 #if (NGX_HTTP_CACHE)
-    if (!request->cache || !request->cache->buf)
+    if (request->cache && !request->cache->buf)
     {
-        // No cache; read JWT from response to sub-request
-        jwt_start = request->header_end + sizeof("\r\n") - 1;
+        // We have a cache but it's not primed
+        ngx_http_file_cache_open(request);
     }
 
     if (jwt_start == NULL && request->cache && request->cache->buf && request->cache->valid_sec > 0)
@@ -652,6 +652,10 @@ static ngx_int_t introspection_response_handler(ngx_http_request_t *request, voi
             jwt_start = cache_data.data;
         }
     }
+    else
+    {
+        jwt_start = request->header_end + sizeof("\r\n") - 1; // FIXME: Won't work if JWT is large
+    }
 
     if (jwt_start == NULL)
     {
@@ -664,7 +668,7 @@ static ngx_int_t introspection_response_handler(ngx_http_request_t *request, voi
         return introspection_subrequest_status_code;
     }
 #else
-    jwt_start = request->header_end + sizeof("\r\n") - 1;
+    jwt_start = request->header_end + sizeof("\r\n") - 1; // FIXME: Won't work if JWT is large
 #endif
 
     size_t jwt_len = request->headers_out.content_length_n;

Original file line number	Diff line number	Diff line change
`@@ -632,10 +632,10 @@ static ngx_int_t introspection_response_handler(ngx_http_request_t *request, voi`
`632`	`632`	`ngx_str_t cache_data = ngx_null_string;`
`633`	`633`
`634`	`634`	`#if (NGX_HTTP_CACHE)`
`635`		`- if (!request->cache \|\| !request->cache->buf)`
	`635`	`+ if (request->cache && !request->cache->buf)`
`636`	`636`	`{`
`637`		`- // No cache; read JWT from response to sub-request`
`638`		`- jwt_start = request->header_end + sizeof("\r\n") - 1;`
	`637`	`+ // We have a cache but it's not primed`
	`638`	`+ ngx_http_file_cache_open(request);`
`639`	`639`	`}`
`640`	`640`
`641`	`641`	`if (jwt_start == NULL && request->cache && request->cache->buf && request->cache->valid_sec > 0)`
`@@ -652,6 +652,10 @@ static ngx_int_t introspection_response_handler(ngx_http_request_t *request, voi`
`652`	`652`	`jwt_start = cache_data.data;`
`653`	`653`	`}`
`654`	`654`	`}`
	`655`	`+ else`
	`656`	`+ {`
	`657`	`+ jwt_start = request->header_end + sizeof("\r\n") - 1; // FIXME: Won't work if JWT is large`
	`658`	`+ }`
`655`	`659`
`656`	`660`	`if (jwt_start == NULL)`
`657`	`661`	`{`
`@@ -664,7 +668,7 @@ static ngx_int_t introspection_response_handler(ngx_http_request_t *request, voi`
`664`	`668`	`return introspection_subrequest_status_code;`
`665`	`669`	`}`
`666`	`670`	`#else`
`667`		`- jwt_start = request->header_end + sizeof("\r\n") - 1;`
	`671`	`+ jwt_start = request->header_end + sizeof("\r\n") - 1; // FIXME: Won't work if JWT is large`
`668`	`672`	`#endif`
`669`	`673`
`670`	`674`	`size_t jwt_len = request->headers_out.content_length_n;`