Merge branch 'PHP-8.3' into PHP-8.4

* PHP-8.3: Fix memory leak in openssl_sign() when passing invalid algorithm
2026-03-24 00:02:20 +01:00 · 2025-04-02 20:18:57 +02:00
parent 79dc7a2d26 74720a22f3
commit d689ff63e8
3 changed files with 23 additions and 0 deletions
--- a/4
+++ b/4
@@ -12,6 +12,10 @@ PHP                                                                        NEWS
  . Fixed imagecrop() overflow with rect argument with x/width y/heigh usage
    in gdImageCrop(). (David Carlier)
 - OpenSSL:
  . Fix memory leak in openssl_sign() when passing invalid algorithm.
    (nielsdos)
 - Standard:
  . Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()).
    (Jakub Zelenka)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -7162,6 +7162,7 @@ PHP_FUNCTION(openssl_sign)
 		mdtype = php_openssl_get_evp_md_from_algo(method_long);
 	}
 	if (!mdtype && (!can_default_digest || method_long != 0)) {
 		EVP_PKEY_free(pkey);
 		php_error_docref(NULL, E_WARNING, "Unknown digest algorithm");
 		RETURN_FALSE;
 	}
--- a/ext/openssl/tests/openssl_sign_invalid_algorithm.phpt
+++ b/ext/openssl/tests/openssl_sign_invalid_algorithm.phpt
@@ -0,0 +1,18 @@
 --TEST--
 openssl_sign: invalid algorithm
 --EXTENSIONS--
 openssl
 --FILE--
 <?php
 $dir = __DIR__;
 $file_pub = $dir . '/bug37820cert.pem';
 $file_key = $dir . '/bug37820key.pem';
 $priv_key = file_get_contents($file_key);
 $priv_key_id = openssl_get_privatekey($priv_key);
 $data = "some custom data";
 openssl_sign($data, $signature, $priv_key_id, "invalid algo");
 ?>
 --EXPECTF--
 Warning: openssl_sign(): Unknown digest algorithm in %s on line %d