[Mandatum]

This makes me nervous.

Are you parsing JWT objects?

A parser written in C shouldn’t be used on something like an authentication library for web services.

[freedomben]

I really don't understand the widespread fear of C/C++ that I see so often. The vast majority of security pitfalls are from using very old functions that don't check input. These are easily caught with linters and scanners. In many cases the compiler itself will warn you if you use them. Don't ignore warnings!

[waoush]

It is JWT introspection. Apache modules have to be written in C, and therefore so does my parser. It's another piece of infrastructure.

Whether or not it makes sense to do it like that is another story, but I don't have control over the design of enterprise architecture.

[Mandatum]

Remember that Apache Remote Code Execution bug? No, not Struts, the other one. No, not mod_cgi, the other one. No, not auth_digest the other one.. ad inifinum. These were all caused by so-called "unsafe legacy functions". Just because YOU might not implement them, doesn't mean others won't.

[mburee]

Can you elaborate? I mean it's not like that a lot of authenticator or crypto is written in C

[Mandatum]

The possibility for Remote Code Execution vulnerability from an unauthenticated user. This should be offloaded into a memory safe language, ideally by a parser that's been battle tested.