From 4d4ea2e787ed36a2190158d86d8470e3acbb349b Mon Sep 17 00:00:00 2001
From: Hsiaoming Yang
Date: Wed, 13 May 2026 16:59:45 +0900
Subject: [PATCH] fix(jws): validate payload size for b64=false
---
 src/joserfc/_rfc7797/compact.py | 3 ++-
 src/joserfc/_rfc7797/json.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/joserfc/_rfc7797/compact.py b/src/joserfc/_rfc7797/compact.py
index ae8be676..4e3c5f1b 100644
--- a/src/joserfc/_rfc7797/compact.py
+++ b/src/joserfc/_rfc7797/compact.py
@@ -49,6 +49,8 @@ def extract_rfc7515_compact(
 registry.validate_header_size(header_segment)
 registry.validate_signature_size(signature_segment)
+ if payload_segment:
+ registry.validate_payload_size(payload_segment)
 protected = decode_header(header_segment)
@@ -61,7 +63,6 @@ def extract_rfc7515_compact(
 payload = to_bytes(payload)
 payload_segment = urlsafe_b64encode(payload)
 else:
- registry.validate_payload_size(payload_segment)
 try:
 payload = urlsafe_b64decode(payload_segment)
 except (TypeError, ValueError):
diff --git a/src/joserfc/_rfc7797/json.py b/src/joserfc/_rfc7797/json.py
index 4c4ff632..0d2e97b0 100644
--- a/src/joserfc/_rfc7797/json.py
+++ b/src/joserfc/_rfc7797/json.py
@@ -31,10 +31,11 @@ def extract_rfc7797_json(value: FlattenedJSONSerialization, registry: JWSRegistr
 member = HeaderMember(protected, header)
 payload_segment: bytes = value["payload"].encode("utf-8")
+ registry.validate_payload_size(payload_segment)
+
 if is_rfc7797_enabled(member.headers()):
 payload = payload_segment
 else:
- registry.validate_payload_size(payload_segment)
 try:
 payload = urlsafe_b64decode(payload_segment)
 except (TypeError, ValueError):
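Review bot: In `extract_rfc7515_compact` (src/joserfc/_rfc7797/compact.py) the new `if payload_segment:` check measures only the segment carried in the token, while the branch visible in the second hunk replaces it with caller-supplied content (`payload = to_bytes(payload)`, `payload_segment = urlsafe_b64encode(payload)`) that is never passed to `validate_payload_size`. The condition selecting that branch lies outside the hunk, so this is inferred, but it looks like the detached-payload path. If the limit is meant to bound everything handed to signature verification, add `registry.validate_payload_size(payload)` right after `to_bytes(payload)`. If detached content is deliberately exempt because the application supplies it, say so in a comment such as `# detached payload is caller-supplied and not size-limited here`.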
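Review bot: `extract_rfc7797_json` (src/joserfc/_rfc7797/json.py) now calls `registry.validate_payload_size(payload_segment)` unconditionally, while the compact path in the same commit wraps the identical call in `if payload_segment:`; the two should agree or the difference should be explained. `validate_payload_size` is not shown here, so whether an empty segment passes is unknown: if it does, the guard in compact.py is redundant and can go; if it does not, an RFC 7797 JSON serialization with an empty `payload` would now be rejected and needs the same guard. A short comment on whichever form is kept, e.g. `# empty segment means detached content; nothing to measure`, would settle it. The diffstat lists only the two source files, so a regression test feeding an oversized payload with `b64` set to false through both serializations would pin the fix. The function body continues beyond the hunk.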