php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails

Browse Source 
The X509_NAME_oneline() function can return NULL, which will cause a
crash when the string length is computed via add_assoc_string().

Closes GH-21010.
This commit is contained in:
Niels Dossche
2026-01-22 22:09:40 +01:00
parent c2eadb4922
commit 62afc7a2fa
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -34,6 +34,8 @@ PHP NEWS
. Fix memory leaks when sk_X509_new_null() fails. (ndossche)
. Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
(ndossche)
. Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails.
(ndossche)
- Phar:
. Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).

5
ext/openssl/openssl.c
View File

@@ -2134,6 +2134,11 @@ PHP_FUNCTION(openssl_x509_parse)
subject_name = X509_get_subject_name(cert);
cert_name = X509_NAME_oneline(subject_name, NULL, 0);
if (cert_name == NULL) {
php_openssl_store_errors();
goto err;
}
add_assoc_string(return_value, "name", cert_name);
OPENSSL_free(cert_name);