php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory leaks when sk_X509_new_null() fails

Browse Source 
In a lot of places the return value is not checked, and when the
function fails the code continues execution. However, this means that
operations on the stack fail and will cause memory leaks on the objects
that weren't pushed.

We also notice an inconsistency in how these failures are handled.
For example, in one place we explicitly have a fatal error
`php_error_docref(NULL, E_ERROR, "Memory allocation failure");`
but this is the only place to do so.

Closes GH-20957.
This commit is contained in:
Niels Dossche
2026-01-17 12:33:42 +01:00
parent d9cbc3117c
commit 7754eafb1f
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@@ -30,6 +30,9 @@ PHP NEWS
. Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
(khasinski)
- OpenSSL:
. Fix memory leaks when sk_X509_new_null() fails. (ndossche)
- Phar:
. Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
(ndossche)

9
ext/openssl/openssl.c
View File

@@ -2552,6 +2552,9 @@ static STACK_OF(X509) *php_array_to_X509_sk(zval * zcerts, uint32_t arg_num, con
bool free_cert;
sk = sk_X509_new_null();
if (sk == NULL) {
goto clean_exit;
}
/* get certs */
if (Z_TYPE_P(zcerts) == IS_ARRAY) {
@@ -5797,6 +5800,9 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
}
recipcerts = sk_X509_new_null();
if (recipcerts == NULL) {
goto clean_exit;
}
/* get certs */
if (Z_TYPE_P(zrecipcerts) == IS_ARRAY) {
@@ -6404,6 +6410,9 @@ PHP_FUNCTION(openssl_cms_encrypt)
}
recipcerts = sk_X509_new_null();
if (recipcerts == NULL) {
goto clean_exit;
}
/* get certs */
if (Z_TYPE_P(zrecipcerts) == IS_ARRAY) {