Fix read of uninitialized data (#155)

joan7770 · web-flow · commit 93ece19c7c9c · 2025-09-05T11:35:34.000-04:00
diff --git a/src/ngx_http_auth_jwt_module.c b/src/ngx_http_auth_jwt_module.c
@@ -355,7 +355,7 @@ static ngx_int_t get_jwt_var_claim(ngx_http_request_t *r, ngx_http_variable_valu
 
   ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "getting jwt var claim for var at index %l", *claim_idx);
 
-  if (ctx == NULL)
+  if (ctx == NULL || ctx->validation_status != NGX_OK)
   {
     ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "no module context found while getting jwt value");
 
diff --git a/test/test.sh b/test/test.sh
@@ -341,8 +341,13 @@ main() {
            -c 200 \
            -r 'sub: some-long-uuid$' \
            -x '--header "Authorization: Bearer ${JWT_HS256_VALID}"'
+  
+  run_test -n 'fails gracefully when extracting single claim as var with no JWT, auth jwt enabled' \
+           -p '/secure/extract-claim/body/sub' \
+           -c 200 \
+           -r 'sub: '
 
-  run_test -n 'fails gracefully when extracting single claim as var with no JWT' \
+  run_test -n 'fails gracefully when extracting single claim as var with no JWT, auth jwt disbaled' \
            -p '/unsecure/extract-claim/body/sub' \
            -c 200 \
            -r 'sub: '

Original file line number	Diff line number	Diff line change
`@@ -355,7 +355,7 @@ static ngx_int_t get_jwt_var_claim(ngx_http_request_t *r, ngx_http_variable_valu`
`355`	`355`
`356`	`356`	`ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "getting jwt var claim for var at index %l", *claim_idx);`
`357`	`357`
`358`		`- if (ctx == NULL)`
	`358`	`+ if (ctx == NULL \|\| ctx->validation_status != NGX_OK)`
`359`	`359`	`{`
`360`	`360`	`ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "no module context found while getting jwt value");`
`361`	`361`