Skip to content

Commit

Permalink
fix memory leak in oidc_refresh_token_grant
Browse files Browse the repository at this point in the history
free the parsed id_token that is returned; bump to 2.4.14.4rc5

Signed-off-by: Hans Zandbelt <[email protected]>
  • Loading branch information
zandbelt committed Sep 22, 2023
1 parent 3947b0b commit 109c841
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 5 deletions.
3 changes: 2 additions & 1 deletion ChangeLog
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
09/22/2023
- performance: store userinfo refresh interval in session to avoid parsing JSON on each request
- bump to 2.4.14.4rc4
- fix memory leak in oidc_refresh_token_grant: free the parsed id_token that is returned
- bump to 2.4.14.4rc5

09/20/2023
- performance: skip re-validating cached provider metadata
Expand Down
2 changes: 1 addition & 1 deletion configure.ac
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
AC_INIT([mod_auth_openidc],[2.4.14.4rc4],[[email protected]])
AC_INIT([mod_auth_openidc],[2.4.14.4rc5],[[email protected]])

AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())

Expand Down
9 changes: 6 additions & 3 deletions src/mod_auth_openidc.c
Original file line number Diff line number Diff line change
Expand Up @@ -1077,6 +1077,8 @@ static apr_byte_t oidc_refresh_token_grant(request_rec *r, oidc_cfg *c,
char *s_token_type = NULL;
char *s_access_token = NULL;
char *s_refresh_token = NULL;
oidc_jwt_t *id_token_jwt = NULL;
oidc_jose_error_t err;

/* refresh the tokens by calling the token endpoint */
if (oidc_proto_refresh_request(r, c, provider, refresh_token, &s_id_token,
Expand All @@ -1103,15 +1105,13 @@ static apr_byte_t oidc_refresh_token_grant(request_rec *r, oidc_cfg *c,

/* if we have a new id_token, store it in the session and update the session max lifetime if required */
if (s_id_token != NULL) {

/* only store the serialized representation when configured so */
if (c->store_id_token == TRUE)
oidc_session_set_idtoken(r, session, s_id_token);

oidc_jwt_t *id_token_jwt = NULL;
oidc_jose_error_t err;
if (oidc_jwt_parse(r->pool, s_id_token, &id_token_jwt, NULL, FALSE,
&err) == TRUE) {

/* store the claims payload in the id_token for later reference */
oidc_session_set_idtoken_claims(r, session,
id_token_jwt->payload.value.str);
Expand All @@ -1134,6 +1134,9 @@ static apr_byte_t oidc_refresh_token_grant(request_rec *r, oidc_cfg *c,
} else {
oidc_warn(r, "parsing of id_token failed");
}

if (id_token_jwt != NULL)
oidc_jwt_destroy(id_token_jwt);
}

return TRUE;
Expand Down

0 comments on commit 109c841

Please sign in to comment.