From a7ef3cd3c7d32e8799ad0a397fc57e8c347463cf Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 26 Aug 2024 12:32:03 +0200 Subject: Merging upstream version 1:2.3.21.1+dfsg1. Signed-off-by: Daniel Baumann --- src/lib-oauth2/oauth2-jwt.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'src/lib-oauth2') diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c index bc7779f..04db602 100644 --- a/src/lib-oauth2/oauth2-jwt.c +++ b/src/lib-oauth2/oauth2-jwt.c @@ -3,6 +3,7 @@ #include "lib.h" #include "buffer.h" #include "str.h" +#include "strescape.h" #include "hmac.h" #include "array.h" #include "hash-method.h" @@ -30,6 +31,29 @@ static const char *get_field(const struct json_tree *tree, const char *key) return json_tree_get_value_str(value_node); } +static const char *get_field_multiple(const struct json_tree *tree, const char *key) +{ + const struct json_tree_node *root = json_tree_root(tree); + const struct json_tree_node *value_node = json_tree_find_key(root, key); + if (value_node == NULL || value_node->value_type == JSON_TYPE_OBJECT) + return NULL; + if (value_node->value_type != JSON_TYPE_ARRAY) + return json_tree_get_value_str(value_node); + + const struct json_tree_node *entry_node = json_tree_get_child(value_node); + string_t *values = t_str_new(64); + for (; entry_node != NULL; entry_node = entry_node->next) { + if (entry_node->value_type == JSON_TYPE_OBJECT || + entry_node->value_type == JSON_TYPE_ARRAY) + continue; + const char *value_str = json_tree_get_value_str(entry_node); + if (str_len(values) > 0) + str_append_c(values, '\t'); + str_append_tabescaped(values, value_str); + } + return str_c(values); +} + static int get_time_field(const struct json_tree *tree, const char *key, int64_t *value_r) { @@ -418,7 +442,7 @@ oauth2_jwt_body_process(const struct oauth2_settings *set, const char *alg, } } - const char *aud = get_field(tree, "aud"); + const char *aud = get_field_multiple(tree, "aud"); /* if there is client_id configured, then aud should be present */ if (set->client_id != NULL && *set->client_id != '\0') { if (aud == NULL) { @@ -426,7 +450,7 @@ oauth2_jwt_body_process(const struct oauth2_settings *set, const char *alg, return -1; } - const char *const *auds = t_strsplit_spaces(aud, " "); + const char *const *auds = t_strsplit_tabescaped(aud); if (!str_array_find(auds, set->client_id)) { *error_r = "client_id not found in aud field"; return -1; -- cgit v1.2.3