Merge pull request #282 from square/cs/jws-panic

csstaub · web-flow · commit 4ef0f1b175cc · 2019-12-16T12:53:14.000-08:00
Better error handling around invalid headers
diff --git a/jws.go b/jws.go
@@ -102,14 +102,14 @@ func (sig Signature) mergedHeaders() rawHeader {
 }
 
 // Compute data to be signed
-func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature) []byte {
+func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature) ([]byte, error) {
 	var authData bytes.Buffer
 
 	protectedHeader := new(rawHeader)
 
 	if signature.original != nil && signature.original.Protected != nil {
 		if err := json.Unmarshal(signature.original.Protected.bytes(), protectedHeader); err != nil {
-			panic(err)
+			return nil, err
 		}
 		authData.WriteString(signature.original.Protected.base64())
 	} else if signature.protected != nil {
@@ -134,7 +134,7 @@ func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature
 		authData.Write(payload)
 	}
 
-	return authData.Bytes()
+	return authData.Bytes(), nil
 }
 
 // parseSignedFull parses a message in full format.
diff --git a/jws_test.go b/jws_test.go
@@ -18,8 +18,11 @@ package jose
 
 import (
 	"crypto/x509"
+	"encoding/base64"
 	"strings"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 const trustedCA = `
@@ -647,3 +650,39 @@ func TestDetachedCompactSerialization(t *testing.T) {
 		t.Fatalf("got '%s', expected '%s'", ser, msg)
 	}
 }
+
+func TestJWSComputeAuthDataBase64(t *testing.T) {
+	jws := JSONWebSignature{}
+
+	_, err := jws.computeAuthData([]byte{0x01}, &Signature{
+		original: &rawSignatureInfo{
+			Protected: newBuffer([]byte("{!invalid-json}")),
+		},
+	})
+	// Invalid header, should return error
+	assert.NotNil(t, err)
+
+	payload := []byte{0x01}
+	encodedPayload := base64.RawURLEncoding.EncodeToString(payload)
+
+	b64TrueHeader := newBuffer([]byte(`{"alg":"RSA-OAEP","enc":"A256GCM","b64":true}`))
+	b64FalseHeader := newBuffer([]byte(`{"alg":"RSA-OAEP","enc":"A256GCM","b64":false}`))
+
+	data, err := jws.computeAuthData(payload, &Signature{
+		original: &rawSignatureInfo{
+			Protected: b64TrueHeader,
+		},
+	})
+	assert.Nil(t, err)
+	// Payload should be b64 encoded
+	assert.Len(t, data, len(b64TrueHeader.base64())+len(encodedPayload)+1)
+
+	data, err = jws.computeAuthData(payload, &Signature{
+		original: &rawSignatureInfo{
+			Protected: b64FalseHeader,
+		},
+	})
+	assert.Nil(t, err)
+	// Payload should *not* be b64 encoded
+	assert.Len(t, data, len(b64FalseHeader.base64())+len(payload)+1)
+}
diff --git a/signing.go b/signing.go
@@ -370,7 +370,11 @@ func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey inter
 		}
 	}
 
-	input := obj.computeAuthData(payload, &signature)
+	input, err := obj.computeAuthData(payload, &signature)
+	if err != nil {
+		return ErrCryptoFailure
+	}
+
 	alg := headers.getSignatureAlgorithm()
 	err = verifier.verifyPayload(input, signature.Signature, alg)
 	if err == nil {
@@ -421,7 +425,11 @@ outer:
 			}
 		}
 
-		input := obj.computeAuthData(payload, &signature)
+		input, err := obj.computeAuthData(payload, &signature)
+		if err != nil {
+			continue
+		}
+
 		alg := headers.getSignatureAlgorithm()
 		err = verifier.verifyPayload(input, signature.Signature, alg)
 		if err == nil {

Original file line number	Diff line number	Diff line change
`@@ -102,14 +102,14 @@ func (sig Signature) mergedHeaders() rawHeader {`
`102`	`102`	`}`
`103`	`103`
`104`	`104`	`// Compute data to be signed`
`105`		`-func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature) []byte {`
	`105`	`+func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature) ([]byte, error) {`
`106`	`106`	`var authData bytes.Buffer`
`107`	`107`
`108`	`108`	`protectedHeader := new(rawHeader)`
`109`	`109`
`110`	`110`	`if signature.original != nil && signature.original.Protected != nil {`
`111`	`111`	`if err := json.Unmarshal(signature.original.Protected.bytes(), protectedHeader); err != nil {`
`112`		`- panic(err)`
	`112`	`+ return nil, err`
`113`	`113`	`}`
`114`	`114`	`authData.WriteString(signature.original.Protected.base64())`
`115`	`115`	`} else if signature.protected != nil {`
`@@ -134,7 +134,7 @@ func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature`
`134`	`134`	`authData.Write(payload)`
`135`	`135`	`}`
`136`	`136`
`137`		`- return authData.Bytes()`
	`137`	`+ return authData.Bytes(), nil`
`138`	`138`	`}`
`139`	`139`
`140`	`140`	`// parseSignedFull parses a message in full format.`
Original file line number	Diff line number	Diff line change
`@@ -370,7 +370,11 @@ func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey inter`
`370`	`370`	`}`
`371`	`371`	`}`
`372`	`372`
`373`		`- input := obj.computeAuthData(payload, &signature)`
	`373`	`+ input, err := obj.computeAuthData(payload, &signature)`
	`374`	`+ if err != nil {`
	`375`	`+ return ErrCryptoFailure`
	`376`	`+ }`
	`377`	`+`
`374`	`378`	`alg := headers.getSignatureAlgorithm()`
`375`	`379`	`err = verifier.verifyPayload(input, signature.Signature, alg)`
`376`	`380`	`if err == nil {`
`@@ -421,7 +425,11 @@ outer:`
`421`	`425`	`}`
`422`	`426`	`}`
`423`	`427`
`424`		`- input := obj.computeAuthData(payload, &signature)`
	`428`	`+ input, err := obj.computeAuthData(payload, &signature)`
	`429`	`+ if err != nil {`
	`430`	`+ continue`
	`431`	`+ }`
	`432`	`+`
`425`	`433`	`alg := headers.getSignatureAlgorithm()`
`426`	`434`	`err = verifier.verifyPayload(input, signature.Signature, alg)`
`427`	`435`	`if err == nil {`