BUG/MINOR: jwt: Wrong return value checked The wrong return value was checked, resulting in dead code and potential bugs. It should fix GitHub issue #2005. This patch should be backported up to 2.5.

commit: a0658c3cf3b4e93c9f7e27874ec2817758d6c61e [log] [tgz]
author: Remi Tricot-Le Breton <rlebreton@haproxy.com> Fri Jan 20 09:37:26 2023 +0100
committer: William Lallemand <wlallemand@haproxy.org> Fri Jan 20 10:27:37 2023 +0100
tree: a099c3996aaaba01d3a8ef0585f739d793dc23d9
parent: 7d84439b4859915fd9dcfa9362109c402c867b96 [diff]
diff --git a/reg-tests/jwt/jws_verify.vtc b/reg-tests/jwt/jws_verify.vtc
index 3aaf8d8..d9a6328 100644
--- a/reg-tests/jwt/jws_verify.vtc
+++ b/reg-tests/jwt/jws_verify.vtc

@@ -265,7 +265,8 @@
     rxresp
     expect resp.status == 200
     expect resp.http.x-jwt-alg == "ES512"
-    expect resp.http.x-jwt-verify-ES512 == "0"
+    # Invalid token
+    expect resp.http.x-jwt-verify-ES512 == "-3"
 } -run
 
 

diff --git a/src/jwt.c b/src/jwt.c
index a17af18..b901588 100644
--- a/src/jwt.c
+++ b/src/jwt.c

@@ -331,7 +331,7 @@
 	 */
 	if (is_ecdsa) {
 		int conv_retval = convert_ecdsa_sig(ctx, entry->pkey, decoded_signature);
-		if (retval != 0) {
+		if (conv_retval != 0) {
 			retval = conv_retval;
 			goto end;
 		}
commit	a0658c3cf3b4e93c9f7e27874ec2817758d6c61e	[log] [tgz]
author	Remi Tricot-Le Breton <rlebreton@haproxy.com>	Fri Jan 20 09:37:26 2023 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Fri Jan 20 10:27:37 2023 +0100
tree	a099c3996aaaba01d3a8ef0585f739d793dc23d9
parent	7d84439b4859915fd9dcfa9362109c402c867b96 [diff]