Skip to content

Commit 8ebf6fd

Browse files
zandbeltzandbelt
committed
jose: prevent memory leaks when zlib compressing (deflate) fails
in oidc_jose_zlib_compress Signed-off-by: Hans Zandbelt <[email protected]>
1 parent bd7bb50 commit 8ebf6fd

File tree

2 files changed

+23
-19
lines changed

2 files changed

+23
-19
lines changed

ChangeLog

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,6 @@
1+
01/19/2025
2+
- jose: prevent memory leaks when zlib compressing (deflate) fails in oidc_jose_zlib_compress
3+
14
01/02/2025
25
- add a configuration check for public/private keys when using DPoP; closes #1293; thanks @ahus1
36
- update copyright year to 2025

src/jose.c

Lines changed: 20 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -969,6 +969,7 @@ static apr_byte_t oidc_jose_brotli_uncompress(apr_pool_t *pool, const char *inpu
969969
*/
970970
static apr_byte_t oidc_jose_zlib_compress(apr_pool_t *pool, const char *input, int input_len, char **output,
971971
int *output_len, oidc_jose_error_t *err) {
972+
apr_byte_t rv = FALSE;
972973
int status = Z_OK;
973974
z_stream zlib;
974975

@@ -985,24 +986,24 @@ static apr_byte_t oidc_jose_zlib_compress(apr_pool_t *pool, const char *input, i
985986
status = deflateInit(&zlib, Z_BEST_COMPRESSION);
986987
if (status != Z_OK) {
987988
oidc_jose_error(err, "deflateInit() failed: %d", status);
988-
return FALSE;
989+
goto end;
989990
}
990991

991992
status = deflate(&zlib, Z_FINISH);
992993
if (status != Z_STREAM_END) {
993994
oidc_jose_error(err, "deflate() failed: %d", status);
994-
return FALSE;
995-
}
996-
997-
status = deflateEnd(&zlib);
998-
if (status != Z_OK) {
999-
oidc_jose_error(err, "deflateEnd() failed: %d", status);
1000-
return FALSE;
995+
goto end;
1001996
}
1002997

1003998
*output_len = (int)zlib.total_out;
1004999

1005-
return TRUE;
1000+
rv = TRUE;
1001+
1002+
end:
1003+
1004+
deflateEnd(&zlib);
1005+
1006+
return rv;
10061007
}
10071008

10081009
#define OIDC_CJOSE_UNCOMPRESS_CHUNK 8192
@@ -1012,6 +1013,7 @@ static apr_byte_t oidc_jose_zlib_compress(apr_pool_t *pool, const char *input, i
10121013
*/
10131014
static apr_byte_t oidc_jose_zlib_uncompress(apr_pool_t *pool, const char *input, int input_len, char **output,
10141015
int *output_len, oidc_jose_error_t *err) {
1016+
apr_byte_t rv = FALSE;
10151017
int status = Z_OK;
10161018
size_t len = OIDC_CJOSE_UNCOMPRESS_CHUNK;
10171019
char *tmp = NULL, *buf = apr_pcalloc(pool, len);
@@ -1027,7 +1029,7 @@ static apr_byte_t oidc_jose_zlib_uncompress(apr_pool_t *pool, const char *input,
10271029
status = inflateInit(&zlib);
10281030
if (status != Z_OK) {
10291031
oidc_jose_error(err, "inflateInit() failed: %d", status);
1030-
return FALSE;
1032+
goto end;
10311033
}
10321034

10331035
while (status == Z_OK) {
@@ -1044,20 +1046,19 @@ static apr_byte_t oidc_jose_zlib_uncompress(apr_pool_t *pool, const char *input,
10441046

10451047
if (status != Z_STREAM_END) {
10461048
oidc_jose_error(err, "inflate() failed: %d", status);
1047-
inflateEnd(&zlib);
1048-
return FALSE;
1049-
}
1050-
1051-
status = inflateEnd(&zlib);
1052-
if (status != Z_OK) {
1053-
oidc_jose_error(err, "inflateEnd() failed: %d", status);
1054-
return FALSE;
1049+
goto end;
10551050
}
10561051

10571052
*output_len = (int)zlib.total_out;
10581053
*output = buf;
10591054

1060-
return TRUE;
1055+
rv = TRUE;
1056+
1057+
end:
1058+
1059+
inflateEnd(&zlib);
1060+
1061+
return rv;
10611062
}
10621063

10631064
#endif

0 commit comments

Comments
 (0)