BUG/MEDIUM: jwe: Fix jwt.decrypt_alg_list to work correctly

Function jwe_parse_global_alg_enc_list() handles both
jwt.decrypt_alg_list and jwd.decrypt_enc_list, but to know which array
to use, between the algorithms and encoding arrays to use, it was
checking the string to see if it matched jwe.supported_algorithms, so it
was always considering we were dealing with encodings, and
jwt.decrypt_alg_list could not possibly work.
Fix that by checking the right string.

diff --git a/src/jwe.c b/src/jwe.c
index d192cfd4c1383e7c1baa947b138577e70ff09a3b..2b8eafe591b240493eade22e37e64432382d681b 100644 (file)
--- a/src/jwe.c
+++ b/src/jwe.c
@@ -2175,11 +2175,11 @@ static int jwe_parse_global_alg_enc_list(char **args, int section_type, struct p
        if (dup_alg_enc_arrays())
                goto end;
 
-       if (args[0][14] == 'a') {
-               /* "jwe.supported_algorithms" */
+       if (args[0][12] == 'a') {
+               /* "jwt.decrypt_alg_list" */
                arr = jwe_algs;
        } else {
-               /* "jwe.supported_encodings" */
+               /* "jwt.decrypt_enc_list" */
                arr = jwe_encodings;
        }