atuleu/narco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds more unit testing

Browse Source 
Some basic security check for tempering of JWS.
This commit is contained in:
Alexandre Tuleu
2015-08-18 19:45:41 +02:00
parent abe3cbab1f
commit 26b7356b79
2 changed files with 137 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
jwt/jws.go
View File

@@ -80,9 +80,9 @@ func isBase64URLEncoding(b byte) bool {
}
// DecodeJWS decode an object encoded with the JWS serialized fromat
// as specified by RFX 7515. to avoid an attack where the unprotected
// JOSE header would contain a tempered signing algorithm, the Signer
// should also be specified.
// as specified by RFC 7515. to avoid an attack where the unprotected
// JOSE header would contain a modified alg field, the Signer should
// also be specified.
func DecodeJWS(data []byte, v interface{}, s Signer) error {
var headerLength, payloadLength int
for i, c := range data {