fix: CVE-2022-39175
lepture committed Sep 9, 2022
1 parent 16efa94 commit 80b0808
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion authlib/jose/rfc7515/jws.py
Expand Up @@ -252,7 +252,7 @@ def _prepare_algorithm_key(self, header, payload, key):
algorithm = self.ALGORITHMS_REGISTRY[alg]
if callable(key):
key = key(header, payload)
elif 'jwk' in header:
elif key is None and 'jwk' in header:
key = header['jwk']
key = algorithm.prepare_key(key)
return algorithm, key
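Review bot: The fallback at `elif key is None and 'jwk' in header:` still makes the header-embedded `jwk` the key whenever the caller passes `key=None`, so if this method is on the verification path, a caller whose key lookup yields `None` would check the signature against a key carried by the token itself. The same branch remains in `prepare_key` in authlib/jose/rfc7516/jwe.py. I would document the precedence directly above the branch, e.g. `# Header 'jwk' is used only when no key is supplied; verifiers must pass an explicit trusted key.`, and consider whether deserialization should reject `key is None` outright instead of falling back. `_prepare_algorithm_key` begins above this hunk, so its callers and the `alg` lookup are not visible here.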
2 changes: 1 addition & 1 deletion authlib/jose/rfc7516/jwe.py
Expand Up @@ -717,6 +717,6 @@ def _validate_private_headers(self, header, alg):
def prepare_key(alg, header, key):
if callable(key):
key = key(header, None)
elif 'jwk' in header:
elif key is None and 'jwk' in header:
key = header['jwk']
return alg.prepare_key(key)
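Review bot: No regression test accompanies the changed condition in `prepare_key`; the diffstat lists only the two source files. A test that supplies an explicit key together with a header containing a different `jwk`, and asserts that the explicit key is the one handed to `alg.prepare_key`, would pin the new precedence here and in `_prepare_algorithm_key` in jws.py. Separately, a callable `key` that returns `None` goes straight to `alg.prepare_key(None)` without consulting the header, which looks intended but deserves a one-line comment such as `# a callable's result is never replaced by the header jwk`.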
