Fixed: smart_str_free() bug

cdoco · cdoco · commit da72f6811546 · 2019-01-11T17:13:32.000+08:00
diff --git a/jwt.c b/jwt.c
@@ -630,9 +630,8 @@ static void php_jwt_decode(INTERNAL_FUNCTION_PARAMETERS) {
 
         if (jwt_verify(jwt, sig)) {
             zend_throw_exception(jwt_signature_invalid_cex, "Signature verification failed", 0);
+            goto decode_done;
         }
-
-        smart_str_free(&buf);
     }
 
     /* verify body */
@@ -643,6 +642,7 @@ static void php_jwt_decode(INTERNAL_FUNCTION_PARAMETERS) {
 decode_done:
     efree(head);
     jwt_free(jwt);
+    smart_str_free(&buf);
 }
 
 /* function jwt_encode() */
diff --git a/tests/015.phpt b/tests/015.phpt
@@ -8,7 +8,7 @@ $hmackey = "example-hmac-key";
 
 try {
     $decoded_token = jwt_decode('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im5hbWUiOiJaaUhhbmcgR2FvIiwiYWRtaW4iOnRydWV9LCJzdWIiOiIxMjM0NTY3ODkwIiwibmJmIjoxNTQ2ODQ4CJhdWQiOiJ5eSJ9.fDqiF-cCIvlcscIdz7dcFJoYGBcvHtI6MWB5IWG0VHA', $hmackey, ['algorithm' => 'HS256']);
-} catch (UnexpectedValueException $e) {
+} catch (SignatureInvalidException $e) {
      // Handle expired token
      echo "FAIL\n";
 }

Original file line number	Diff line number	Diff line change
`@@ -630,9 +630,8 @@ static void php_jwt_decode(INTERNAL_FUNCTION_PARAMETERS) {`
`630`	`630`
`631`	`631`	`if (jwt_verify(jwt, sig)) {`
`632`	`632`	`zend_throw_exception(jwt_signature_invalid_cex, "Signature verification failed", 0);`
	`633`	`+ goto decode_done;`
`633`	`634`	`}`
`634`		`-`
`635`		`- smart_str_free(&buf);`
`636`	`635`	`}`
`637`	`636`
`638`	`637`	`/* verify body */`
`@@ -643,6 +642,7 @@ static void php_jwt_decode(INTERNAL_FUNCTION_PARAMETERS) {`
`643`	`642`	`decode_done:`
`644`	`643`	`efree(head);`
`645`	`644`	`jwt_free(jwt);`
	`645`	`+ smart_str_free(&buf);`
`646`	`646`	`}`
`647`	`647`
`648`	`648`	`/* function jwt_encode() */`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ $hmackey = "example-hmac-key";`
`8`	`8`
`9`	`9`	`try {`
`10`	`10`	`$decoded_token = jwt_decode('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im5hbWUiOiJaaUhhbmcgR2FvIiwiYWRtaW4iOnRydWV9LCJzdWIiOiIxMjM0NTY3ODkwIiwibmJmIjoxNTQ2ODQ4CJhdWQiOiJ5eSJ9.fDqiF-cCIvlcscIdz7dcFJoYGBcvHtI6MWB5IWG0VHA', $hmackey, ['algorithm' => 'HS256']);`
`11`		`-} catch (UnexpectedValueException $e) {`
	`11`	`+} catch (SignatureInvalidException $e) {`
`12`	`12`	`// Handle expired token`
`13`	`13`	`echo "FAIL\n";`
`14`	`14`	`}`