Merge branch 'PHP-8.4' into PHP-8.5

* PHP-8.4: phar: Fix memory leak when openssl polyfill returns garbage
2026-03-24 00:02:20 +01:00 · 2025-10-20 22:04:17 +02:00
parent 9e9663782c 4c043d89ec
commit 90eabf57ab
2 changed files with 37 additions and 0 deletions
--- a/ext/phar/tests/openssl_sign_invalid_polyfill_return_value.phpt
+++ b/ext/phar/tests/openssl_sign_invalid_polyfill_return_value.phpt
@@ -0,0 +1,34 @@
+--TEST--
+openssl_sign() polyfill with wrong return value
+--EXTENSIONS--
+phar
+--SKIPIF--
+<?php
+if (getenv('SKIP_SLOW_TESTS')) die('skip');
+if (function_exists('openssl_sign')) die('skip requires openssl disabled for mocking purposes');
+?>
+--INI--
+phar.require_hash=0
+--FILE--
+<?php
+$fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.tar';
+
+function openssl_sign() {
+    return str_repeat('foobar', random_int(1, 1));
+}
+
+$phar = new PharData($fname);
+$phar->setSignatureAlgorithm(Phar::OPENSSL, "randomcrap");
+try {
+    $phar->addEmptyDir('blah');
+} catch (PharException $e) {
+    echo $e->getMessage();
+}
+
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.tar');
+?>
+--EXPECTF--
+phar error: unable to write signature to tar-based phar: unable to write phar "%s" with requested openssl signature
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1500,6 +1500,9 @@ static zend_result phar_call_openssl_signverify(bool is_sign, php_stream *fp, ze
 			*signature_len = Z_STRLEN(zp[1]);
 			zval_ptr_dtor(&zp[1]);
 			return SUCCESS;
+		default:
+			zval_ptr_dtor(&retval);
+			ZEND_FALLTHROUGH;
 		case IS_FALSE:
 		default:
 			zval_ptr_dtor(&zp[1]);