crash on absent key id during exception handling #209

Zil0-eo · 2021-06-03T13:15:32Z

This has been introduced by 0edf66d in 0.9:

--- a/jwcrypto/jwt.py
+++ b/jwcrypto/jwt.py
@@ -489,7 +489,7 @@ class JWT(object):
                         self.deserializelog.append("Success")
                         break
                     except Exception as e:  # pylint: disable=broad-except
-                        keyid = k.key_id
+                        keyid = k['kid']
                         if keyid is None:

The property key_id returned None if key had no key id, but this made 'kid' mandatory.

The bug happens whenever an exception is raised during deserialization with such key. For example, a call to JWT(jwt=jwt, key=key, algs=['RS256', 'ES256']) with an ES256 key will trigger it, as the first attempt to use key as a RS256 key raises an exception.

The text was updated successfully, but these errors were encountered:

simo5 · 2021-06-03T13:41:19Z

Good catch!

simo5 · 2021-06-03T14:13:53Z

Do you have a reproducer?
I am trying to write a test, bu I cannot cause it to crash.

simo5 · 2021-06-03T14:21:42Z

Nevermind, got it.

This was causing the excpetion itself to crash on keys that do not have a 'kid'. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>

Direct use of k['kid'] was causing the excpetion itself to crash on keys that do not have a 'kid' with a keyError. Always use the .get accessor to pull 'kid' so that None is returned when not availble. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>

This was causing the excpetion itself to crash on keys that do not have a 'kid'. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>

Direct use of k['kid'] was causing the excpetion itself to crash on keys that do not have a 'kid' with a keyError. Always use the .get accessor to pull 'kid' so that None is returned when not availble. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>

Direct use of k['kid'] was causing the excpetion itself to crash on keys that do not have a 'kid' with a keyError. Always use the .get accessor to pull 'kid' so that None is returned when not availble. Fixes #209 Signed-off-by: Simo Sorce <simo@redhat.com>

simo5 added the bug label Jun 3, 2021

simo5 added a commit to simo5/jwcrypto that referenced this issue Jun 3, 2021

Fix crash in exception handler

53eceba

This was causing the excpetion itself to crash on keys that do not have a 'kid'. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>

simo5 mentioned this issue Jun 3, 2021

Fix crash in Keyset JWT decoding exception handler #210

Merged

simo5 added the Priority label Jun 3, 2021

simo5 mentioned this issue Jun 3, 2021

New __hash__() method doesn't consider kid #208

Closed

simo5 added a commit to simo5/jwcrypto that referenced this issue Jun 4, 2021

Fix crash in exception handler

87a5eed

This was causing the excpetion itself to crash on keys that do not have a 'kid'. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>

simo5 closed this as completed in #210 Jun 9, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crash on absent key id during exception handling #209

crash on absent key id during exception handling #209

Zil0-eo commented Jun 3, 2021

simo5 commented Jun 3, 2021

simo5 commented Jun 3, 2021

simo5 commented Jun 3, 2021

crash on absent key id during exception handling #209

crash on absent key id during exception handling #209

Comments

Zil0-eo commented Jun 3, 2021

simo5 commented Jun 3, 2021

simo5 commented Jun 3, 2021

simo5 commented Jun 3, 2021