[V4] Fix memory bug when loading keys (#208)

ptoffy · 0xTim · web-flow · commit 13e7513b3ba0 · 2024-11-04T11:10:03.000+01:00
Fix leaking pointer

Co-authored-by: Tim Condon &lt;0xTim@users.noreply.github.com&gt;
diff --git a/Sources/JWTKit/Utilities/OpenSSLSigner.swift b/Sources/JWTKit/Utilities/OpenSSLSigner.swift
@@ -1,5 +1,5 @@
-import Foundation
 @_implementationOnly import CJWTKitBoringSSL
+import Foundation
 
 protocol OpenSSLSigner {
     var algorithm: OpaquePointer { get }
@@ -33,23 +33,25 @@ extension OpenSSLSigner {
         guard CJWTKitBoringSSL_EVP_DigestFinal_ex(context, &digest, &digestLength) == 1 else {
             throw JWTError.signingAlgorithmFailure(OpenSSLError.digestFinalizationFailure)
         }
-        return .init(digest[0..<Int(digestLength)])
+        return .init(digest[0 ..< Int(digestLength)])
     }
 }
 
-protocol OpenSSLKey { }
+protocol OpenSSLKey {}
 
 extension OpenSSLKey {
     static func load<Data, T>(pem data: Data, _ closure: (UnsafeMutablePointer<BIO>) -> (T?)) throws -> T
         where Data: DataProtocol
     {
-        let bytes = data.copyBytes()
-        let bio = CJWTKitBoringSSL_BIO_new_mem_buf(bytes, numericCast(bytes.count))
-        defer { CJWTKitBoringSSL_BIO_free(bio) }
-        
-        guard let bioPtr = bio, let c = closure(bioPtr) else {
-            throw JWTError.signingAlgorithmFailure(OpenSSLError.bioConversionFailure)
+        try data.copyBytes().withUnsafeBytes { (bytes: UnsafeRawBufferPointer) in
+            let bio = CJWTKitBoringSSL_BIO_new_mem_buf(bytes.baseAddress, numericCast(bytes.count))
+
+            defer { CJWTKitBoringSSL_BIO_free(bio) }
+
+            guard let bioPtr = bio, let c = closure(bioPtr) else {
+                throw JWTError.signingAlgorithmFailure(OpenSSLError.bioConversionFailure)
+            }
+            return c
         }
-        return c
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`		`-import Foundation`
`2`	`1`	`@_implementationOnly import CJWTKitBoringSSL`
	`2`	`+import Foundation`
`3`	`3`
`4`	`4`	`protocol OpenSSLSigner {`
`5`	`5`	`var algorithm: OpaquePointer { get }`
`@@ -33,23 +33,25 @@ extension OpenSSLSigner {`
`33`	`33`	`guard CJWTKitBoringSSL_EVP_DigestFinal_ex(context, &digest, &digestLength) == 1 else {`
`34`	`34`	`throw JWTError.signingAlgorithmFailure(OpenSSLError.digestFinalizationFailure)`
`35`	`35`	`}`
`36`		`- return .init(digest[0..<Int(digestLength)])`
	`36`	`+ return .init(digest[0 ..< Int(digestLength)])`
`37`	`37`	`}`
`38`	`38`	`}`
`39`	`39`
`40`		`-protocol OpenSSLKey { }`
	`40`	`+protocol OpenSSLKey {}`
`41`	`41`
`42`	`42`	`extension OpenSSLKey {`
`43`	`43`	`static func load<Data, T>(pem data: Data, _ closure: (UnsafeMutablePointer<BIO>) -> (T?)) throws -> T`
`44`	`44`	`where Data: DataProtocol`
`45`	`45`	`{`
`46`		`- let bytes = data.copyBytes()`
`47`		`- let bio = CJWTKitBoringSSL_BIO_new_mem_buf(bytes, numericCast(bytes.count))`
`48`		`- defer { CJWTKitBoringSSL_BIO_free(bio) }`
`49`		`-`
`50`		`- guard let bioPtr = bio, let c = closure(bioPtr) else {`
`51`		`- throw JWTError.signingAlgorithmFailure(OpenSSLError.bioConversionFailure)`
	`46`	`+ try data.copyBytes().withUnsafeBytes { (bytes: UnsafeRawBufferPointer) in`
	`47`	`+ let bio = CJWTKitBoringSSL_BIO_new_mem_buf(bytes.baseAddress, numericCast(bytes.count))`
	`48`	`+`
	`49`	`+ defer { CJWTKitBoringSSL_BIO_free(bio) }`
	`50`	`+`
	`51`	`+ guard let bioPtr = bio, let c = closure(bioPtr) else {`
	`52`	`+ throw JWTError.signingAlgorithmFailure(OpenSSLError.bioConversionFailure)`
	`53`	`+ }`
	`54`	`+ return c`
`52`	`55`	`}`
`53`		`- return c`
`54`	`56`	`}`
`55`	`57`	`}`