apache · traeak · Aug 18, 2021 · Aug 10, 2021
diff --git a/plugins/experimental/uri_signing/jwt.c b/plugins/experimental/uri_signing/jwt.c
@@ -52,6 +52,7 @@ parse_jwt(json_t *raw)
   }
 
   struct jwt *jwt = malloc(sizeof *jwt);
+  jwt->raw        = raw;
   jwt->iss        = json_string_value(json_object_get(raw, "iss"));
   jwt->sub        = json_string_value(json_object_get(raw, "sub"));
   jwt->aud        = json_object_get(raw, "aud");
@@ -76,7 +77,7 @@ jwt_delete(struct jwt *jwt)
     return;
   }
 
-  json_decref(jwt->aud);
+  json_decref(jwt->raw);
   free(jwt);
 }
 

diff --git a/plugins/experimental/uri_signing/jwt.h b/plugins/experimental/uri_signing/jwt.h
@@ -22,6 +22,7 @@
 #include <jansson.h>
 
 struct jwt {
+  json_t *raw;
   const char *iss;
   const char *sub;
   json_t *aud;

diff --git a/plugins/experimental/uri_signing/parse.c b/plugins/experimental/uri_signing/parse.c
@@ -165,7 +165,7 @@ validate_jws(cjose_jws_t *jws, struct config *cfg, const char *uri, size_t uri_c
   cjose_err cerr;
   memset(&cerr, 0, sizeof(cjose_err));
   size_t pt_ct;
-  const char *pt;
+  char const *pt;
   if (!cjose_jws_get_plaintext(jws, (uint8_t **)&pt, &pt_ct, &cerr)) {
     PluginDebug("Cannot get plaintext for %16p", jws);
     return false;
@@ -175,14 +175,20 @@ validate_jws(cjose_jws_t *jws, struct config *cfg, const char *uri, size_t uri_c
 
   json_error_t jerr;
   memset(&jerr, 0, sizeof(json_error_t));
-  struct jwt *jwt = parse_jwt(json_loadb(pt, pt_ct, 0, &jerr));
-  TimerDebug("parsing jwt");
-  if (!jwt) {
+  json_t *const jwk_json = json_loadb(pt, pt_ct, 0, &jerr);
+  if (!jwk_json) {
     if (jerr.text[0]) {
-      PluginDebug("Cannot parse json for %16p: %.*s '%s'", jws, (int)pt_ct, pt, jerr.text);
+      PluginDebug("Cannot load json for %16p: %.*s '%s'", jws, (int)pt_ct, pt, jerr.text);
     } else {
-      PluginDebug("Cannot parse jwt for %16p: %.*s", jws, (int)pt_ct, pt);
+      PluginDebug("Cannot load json for %16p: %.*s", jws, (int)pt_ct, pt);
     }
+    return false;
+  }
+  struct jwt *jwt = parse_jwt(jwk_json);
+
+  TimerDebug("parsing jwt");
+  if (!jwt) {
+    json_decref(jwk_json);
     return NULL;
   }
 

diff --git a/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc b/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc
@@ -144,16 +144,20 @@ jwt_parsing_helper(const char *jwt_string)
 {
   fprintf(stderr, "Parsing JWT from string: %s\n", jwt_string);
   bool resp;
-  json_error_t jerr = {};
-  size_t pt_ct      = strlen(jwt_string);
-  struct jwt *jwt   = parse_jwt(json_loadb(jwt_string, pt_ct, 0, &jerr));
+  json_error_t jerr             = {};
+  size_t pt_ct                  = strlen(jwt_string);
+  struct json_t *const jwk_json = json_loadb(jwt_string, pt_ct, 0, &jerr);
+  if (!jwk_json) {
+    return false;
+  }
 
-  if (jwt) {
-    resp = jwt_validate(jwt);
-  } else {
-    resp = false;
+  struct jwt *jwt = parse_jwt(jwk_json);
+  if (!jwt) {
+    json_decref(jwk_json);
+    return false;
   }
 
+  resp = jwt_validate(jwt);
   jwt_delete(jwt);
   return resp;
 }
@@ -601,7 +605,6 @@ TEST_CASE("6", "[AudTests]")
     json_t *raw = json_loads("{\"aud\": \"tester\"}", 0, err);
     json_t *aud = json_object_get(raw, "aud");
     REQUIRE(jwt_check_aud(aud, "tester"));
-    json_decref(aud);
     json_decref(raw);
   }
 
@@ -610,7 +613,6 @@ TEST_CASE("6", "[AudTests]")
     json_t *raw = json_loads("{\"aud\": [ \"foo\", \"bar\",  \"tester\"]}", 0, err);
     json_t *aud = json_object_get(raw, "aud");
     REQUIRE(jwt_check_aud(aud, "tester"));
-    json_decref(aud);
     json_decref(raw);
   }
 
@@ -619,7 +621,6 @@ TEST_CASE("6", "[AudTests]")
     json_t *raw = json_loads("{\"aud\": \"foo\"}", 0, err);
     json_t *aud = json_object_get(raw, "aud");
     REQUIRE(!jwt_check_aud(aud, "tester"));
-    json_decref(aud);
     json_decref(raw);
   }
 
@@ -628,7 +629,6 @@ TEST_CASE("6", "[AudTests]")
     json_t *raw = json_loads("{\"aud\": [\"foo\", \"bar\", \"foobar\"]}", 0, err);
     json_t *aud = json_object_get(raw, "aud");
     REQUIRE(!jwt_check_aud(aud, "tester"));
-    json_decref(aud);
     json_decref(raw);
   }
 
@@ -637,7 +637,6 @@ TEST_CASE("6", "[AudTests]")
     json_t *raw = json_loads("{\"aud\": 1}", 0, err);
     json_t *aud = json_object_get(raw, "aud");
     REQUIRE(!jwt_check_aud(aud, "tester"));
-    json_decref(aud);
     json_decref(raw);
   }
 
@@ -646,7 +645,6 @@ TEST_CASE("6", "[AudTests]")
     json_t *raw = json_loads("{\"aud\": [1, \"foo\", \"bar\", \"tester\"]}", 0, err);
     json_t *aud = json_object_get(raw, "aud");
     REQUIRE(jwt_check_aud(aud, "tester"));
-    json_decref(aud);
     json_decref(raw);
   }
 
@@ -655,7 +653,6 @@ TEST_CASE("6", "[AudTests]")
     json_t *raw = json_loads("{\"aud\": \"TESTer\"}", 0, err);
     json_t *aud = json_object_get(raw, "aud");
     REQUIRE(!jwt_check_aud(aud, "tester"));
-    json_decref(aud);
     json_decref(raw);
   }
 
@@ -664,7 +661,6 @@ TEST_CASE("6", "[AudTests]")
     json_t *raw = json_loads("{\"aud\": [1, \"foo\", \"bar\", \"Tester\"]}", 0, err);
     json_t *aud = json_object_get(raw, "aud");
     REQUIRE(!jwt_check_aud(aud, "tester"));
-    json_decref(aud);
     json_decref(raw);
   }
 
@@ -700,13 +696,12 @@ jws_validation_helper(const char *url, const char *package, struct config *cfg)
     return false;
   }
   struct jwt *jwt = validate_jws(jws, cfg, uri_strip, strip_ct);
-  if (jwt) {
-    jwt_delete(jwt);
-    cjose_jws_release(jws);
-    return true;
-  }
   cjose_jws_release(jws);
-  return false;
+  if (!jwt) {
+    return false;
+  }
+  jwt_delete(jwt);
+  return true;
 }
 
 TEST_CASE("8", "[TestsWithConfig]")