[Libreoffice-commits] online.git: wsd/Auth.cpp wsd/Auth.hpp wsd/LOOLWSD.cpp

Michael Meeks (via logerrit) logerrit at kemper.freedesktop.org
Sat Jan 18 18:26:29 UTC 2020 

 wsd/Auth.cpp    |    9 ++++++++-
 wsd/Auth.hpp    |    7 +++++--
 wsd/LOOLWSD.cpp |    1 +
 3 files changed, 14 insertions(+), 3 deletions(-)

New commits:
commit 8cca6dcac8753865f5cea693141a20fec1ea3600
Author:     Michael Meeks <michael.meeks at collabora.com>
AuthorDate: Sat Jan 18 16:36:50 2020 +0000
Commit:     Michael Meeks <michael.meeks at collabora.com>
CommitDate: Sat Jan 18 19:26:10 2020 +0100

    Cleanup JWTAuth token before shutdown.
    
    valgrind had some exciting double-free action on unclean shutdown.
    
    Change-Id: Id7dd3d8ff60387ae51521bd2c74e4d6bcc30ff2e
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87025
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Michael Meeks <michael.meeks at collabora.com>

diff --git a/wsd/Auth.cpp b/wsd/Auth.cpp
index 01f9e4f43..2ffa17b39 100644
--- a/wsd/Auth.cpp
+++ b/wsd/Auth.cpp
@@ -37,7 +37,14 @@ using Poco::Base64Decoder;
 using Poco::Base64Encoder;
 using Poco::OutputLineEndingConverter;
 
-const Poco::Crypto::RSAKey JWTAuth::_key(Poco::Crypto::RSAKey(Poco::Crypto::RSAKey::KL_2048, Poco::Crypto::RSAKey::EXP_LARGE));
+std::unique_ptr<Poco::Crypto::RSAKey> JWTAuth::_key(
+    new Poco::Crypto::RSAKey(Poco::Crypto::RSAKey(Poco::Crypto::RSAKey::KL_2048, Poco::Crypto::RSAKey::EXP_LARGE)));
+
+// avoid obscure doublef rees on exit.
+void JWTAuth::cleanup()
+{
+    _key.reset();
+}
 
 const std::string JWTAuth::getAccessToken()
 {
diff --git a/wsd/Auth.hpp b/wsd/Auth.hpp
index 1220aee21..00256fb1f 100644
--- a/wsd/Auth.hpp
+++ b/wsd/Auth.hpp
@@ -13,6 +13,7 @@
 
 #include <cassert>
 #include <string>
+#include <memory>
 
 #if !MOBILEAPP
 #include <Poco/Crypto/RSADigestEngine.h>
@@ -43,7 +44,7 @@ public:
         : _name(name),
           _sub(sub),
           _aud(aud),
-          _digestEngine(_key, "SHA256")
+          _digestEngine(*_key, "SHA256")
     {
     }
 
@@ -51,6 +52,8 @@ public:
 
     bool verify(const std::string& accessToken) override;
 
+    static void cleanup();
+
 private:
     const std::string createHeader();
 
@@ -65,7 +68,7 @@ private:
     const std::string _sub;
     const std::string _aud;
 
-    static const Poco::Crypto::RSAKey _key;
+    static std::unique_ptr<Poco::Crypto::RSAKey> _key;
     Poco::Crypto::RSADigestEngine _digestEngine;
 };
 
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 0538759ba..3b45fd3de 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -3592,6 +3592,7 @@ void LOOLWSD::cleanup()
 {
 #if !MOBILEAPP
     FileServerRequestHandler::uninitialize();
+    JWTAuth::cleanup();
 
 #if ENABLE_SSL
     // Finally, we no longer need SSL.

More information about the Libreoffice-commits mailing list