
Commit df92f92

committed
Add check algorithm
1 parent fe5a671 commit df92f92


1 file changed

+24
-6
lines changed


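--- a/jwt.c
+++ b/jwt.c
@@ -245,14 +245,26 @@ PHP_FUNCTION(jwt_encode)
 char *sig = NULL, *alg = NULL;
 unsigned int sig_len;
 size_t alg_len;
+jwt_t *jwt = NULL;
 
 if (zend_parse_parameters(ZEND_NUM_ARGS(), "aS|s", &claims, &key, &alg, &alg_len) == FAILURE) {
 return;
 }
 
+/* init jwt */
+jwt_new(&jwt);
+
 /* not set algorithm */
 alg = (alg == NULL) ? "HS256" : alg;
 
+/* check algorithm */
+jwt->alg = jwt_str_alg(alg);
+
+if (jwt->alg == JWT_ALG_INVAL) {
+zend_throw_exception(zend_ce_exception, "Algorithm not supported", 0);
+RETURN_FALSE;
+}
+
 /* init */
 array_init(&header);
 
@@ -270,17 +282,13 @@ PHP_FUNCTION(jwt_encode)
 smart_str_appends(&segments, jwt_b64_url_encode(json_claims.s));
 
 /* set jwt struct */
-jwt_t *jwt = NULL;
-
-jwt_new(&jwt);
-jwt->alg = jwt_str_alg(alg);
 jwt->key = key;
 jwt->str = segments.s;
 
 /* sign */
 if (jwt_sign(jwt, &sig, &sig_len)) {
-efree(sig);
 zend_throw_exception(zend_ce_exception, "Signature error", 0);
+RETURN_FALSE;
 }
 
 smart_str_appends(&segments, ".");
@@ -321,6 +329,14 @@ PHP_FUNCTION(jwt_decode)
 /* jwt init */
 jwt_new(&jwt);
 
+/* check algorithm */
+jwt->alg = jwt_str_alg(alg);
+
+if (jwt->alg == JWT_ALG_INVAL) {
+zend_throw_exception(zend_ce_exception, "Algorithm not supported", 0);
+RETURN_FALSE;
+}
+
 /* Find the components. */
 for (body = head; body[0] != '.'; body++) {
 if (body[0] == '\0') {
@@ -351,16 +367,17 @@ PHP_FUNCTION(jwt_decode)
 
 if (strcmp(Z_STRVAL_P(zalg), alg)) {
 zend_throw_exception(zend_ce_exception, "Algorithm not allowed", 0);
+RETURN_FALSE;
 }
 } else {
 zend_throw_exception(zend_ce_exception, "Json decode error", 0);
+RETURN_FALSE;
 }
 
 /* parse body */
 jwt_parse_body(body, return_value);
 
 /* set jwt struct */
-jwt->alg = jwt_str_alg(alg);
 jwt->key = key;
 
 smart_str_appends(&segments, head);
@@ -371,6 +388,7 @@ PHP_FUNCTION(jwt_decode)
 
 if (jwt_verify(jwt, sig)) {
 zend_throw_exception(zend_ce_exception, "Signature verification failed", 0);
+RETURN_FALSE;
 }
 
 zval_ptr_dtor(&zv);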
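Review bot: The `RETURN_FALSE;` added after the "Signature verification failed" exception in jwt_decode jumps out before the `zval_ptr_dtor(&zv);` on the next line, and it overwrites `return_value` with false while the claims array that `jwt_parse_body(body, return_value)` already stored there is never destroyed, so both the decoded header and the decoded body leak on every bad-signature token — an attacker-controlled path. The same applies to the "Algorithm not supported", "Algorithm not allowed" and "Json decode error" returns, which additionally abandon whatever `jwt_new(&jwt)` allocated (presumably heap memory; confirm against jwt_new/jwt_free). I would move `jwt_parse_body(body, return_value);` below the `jwt_verify` check so claims are only materialised once the signature is good, and release `zv` before returning: `zend_throw_exception(zend_ce_exception, "Signature verification failed", 0); zval_ptr_dtor(&zv); RETURN_FALSE;`, with a shared cleanup label for the other early exits. The encode side has the matching problem: its new "Algorithm not supported" and "Signature error" returns also drop the `jwt` from `jwt_new` and, in the sign case, the `segments` smart_str. Both functions start and end outside these hunks.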
