vendor: https://github.com/GlitchedPolygons/l8w8jwt
version: 2.2.1
The l8w8jwt_decode
function of decode.c
implements the function of comparing the HS256 algorithm signature.
However, the function uses memcmp
to compare the calculated signature with the JWT signature we provided, and memcmp
is not a time-safe comparison function.
This means that the more similar the prefix of the signature we provide to the actual calculated signature, the longer the comparison will take, which can lead to temporal side-channel attacks. An attacker can learn the correct signature and bypass verification.