Skip to content

Commit 2197bb2

Browse files
cdococdoco
committed
Modify memory release order
1 parent df92f92 commit 2197bb2

File tree

1 file changed

+17
-8
lines changed

1 file changed

+17
-8
lines changed

jwt.c

Lines changed: 17 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -261,6 +261,8 @@ PHP_FUNCTION(jwt_encode)
261261
jwt->alg = jwt_str_alg(alg);
262262

263263
if (jwt->alg == JWT_ALG_INVAL) {
264+
jwt_free(jwt);
265+
264266
zend_throw_exception(zend_ce_exception, "Algorithm not supported", 0);
265267
RETURN_FALSE;
266268
}
@@ -276,35 +278,42 @@ PHP_FUNCTION(jwt_encode)
276278
php_json_encode(&json_header, &header, 0);
277279
php_json_encode(&json_claims, claims, 0);
278280

281+
zval_ptr_dtor(&header);
282+
279283
/* base64 encode */
280284
smart_str_appends(&segments, jwt_b64_url_encode(json_header.s));
281285
smart_str_appends(&segments, ".");
282286
smart_str_appends(&segments, jwt_b64_url_encode(json_claims.s));
283287

288+
smart_str_free(&json_header);
289+
smart_str_free(&json_claims);
290+
284291
/* set jwt struct */
285292
jwt->key = key;
286293
jwt->str = segments.s;
287294

288295
/* sign */
289296
if (jwt_sign(jwt, &sig, &sig_len)) {
297+
efree(sig);
298+
jwt_free(jwt);
299+
290300
zend_throw_exception(zend_ce_exception, "Signature error", 0);
291301
RETURN_FALSE;
292302
}
293303

304+
/* string concatenation */
294305
smart_str_appends(&segments, ".");
295306

296307
zend_string *sig_str = zend_string_init(sig, sig_len, 0);
297308

298309
smart_str_appends(&segments, jwt_b64_url_encode(sig_str));
310+
zend_string_free(sig_str);
311+
299312
smart_str_0(&segments);
300313

301314
/* free */
302315
efree(sig);
303316
jwt_free(jwt);
304-
zval_ptr_dtor(&header);
305-
smart_str_free(&json_header);
306-
smart_str_free(&json_claims);
307-
zend_string_free(sig_str);
308317

309318
RETURN_STR(segments.s);
310319
}
@@ -334,7 +343,7 @@ PHP_FUNCTION(jwt_decode)
334343

335344
if (jwt->alg == JWT_ALG_INVAL) {
336345
zend_throw_exception(zend_ce_exception, "Algorithm not supported", 0);
337-
RETURN_FALSE;
346+
goto decode_done;
338347
}
339348

340349
/* Find the components. */
@@ -361,10 +370,13 @@ PHP_FUNCTION(jwt_decode)
361370
zend_string *json_h = jwt_b64_url_decode(head);
362371

363372
php_json_decode_ex(&zv, ZSTR_VAL(json_h), ZSTR_LEN(json_h), PHP_JSON_OBJECT_AS_ARRAY, 512);
373+
zend_string_free(json_h);
364374

365375
if (Z_TYPE(zv) == IS_ARRAY) {
366376
zval *zalg = zend_hash_str_find(Z_ARRVAL(zv), "alg", strlen("alg"));
367377

378+
zval_ptr_dtor(&zv);
379+
368380
if (strcmp(Z_STRVAL_P(zalg), alg)) {
369381
zend_throw_exception(zend_ce_exception, "Algorithm not allowed", 0);
370382
RETURN_FALSE;
@@ -388,11 +400,8 @@ PHP_FUNCTION(jwt_decode)
388400

389401
if (jwt_verify(jwt, sig)) {
390402
zend_throw_exception(zend_ce_exception, "Signature verification failed", 0);
391-
RETURN_FALSE;
392403
}
393404

394-
zval_ptr_dtor(&zv);
395-
zend_string_free(json_h);
396405
smart_str_free(&segments);
397406

398407
decode_done:

0 commit comments

Comments
 (0)