jwt.ccp char array

Question

jwt.ccp char array

sburnwal opened this issue 7 years ago · 2 comments

I see this code in jwt.cpp:

    str_ptr dec_header(new char[num_dec_header]);
    if (Base64Encode::DecodeUrl(header, num_header, dec_header.get(),
                                &num_dec_header) != 0) {
        // This cannot happen, as we have checked for valid characters already..
        throw std::logic_error("validated header block has invalid characters");
    }
    // Make sure we have a proper \0 termination
    dec_header.get()[num_dec_header] = 0;

Shouldn't the last line be like below ? I mean the array size is num_dec_header, so the last element in the array is at num_dec_header - 1.

dec_header.get()[num_dec_header - 1] = 0;

Answer 1 · 2018-05-24T15:45:41.000Z

Yes! This is really bad.

Let me fix this.

Answer 2 · 2018-05-24T15:54:03.000Z

Thank you for finding this!