diff --git a/NEWS b/NEWS index 339a7dadad0..fe3239269e7 100644 --- a/NEWS +++ b/NEWS @@ -35,6 +35,10 @@ PHP NEWS . Fixed bug GH-16572 (Incorrect result with reflection in low-trigger JIT). (nielsdos) +- OpenSSL: + . Fix various memory leaks on error conditions in openssl_x509_parse(). + (nielsdos) + - PDO: . Fixed bug GH-16167 (Prevent mixing PDO sub-classes with different DSN). (kocsismate) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index f6994a06c54..caef462f02a 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -2153,7 +2153,7 @@ PHP_FUNCTION(openssl_x509_parse) /* Can return NULL on error or memory allocation failure */ if (!bn_serial) { php_openssl_store_errors(); - RETURN_FALSE; + goto err; } hex_serial = BN_bn2hex(bn_serial); @@ -2161,7 +2161,7 @@ PHP_FUNCTION(openssl_x509_parse) /* Can return NULL on error or memory allocation failure */ if (!hex_serial) { php_openssl_store_errors(); - RETURN_FALSE; + goto err; } str_serial = i2s_ASN1_INTEGER(NULL, asn1_serial); @@ -2233,19 +2233,15 @@ PHP_FUNCTION(openssl_x509_parse) bio_out = BIO_new(BIO_s_mem()); if (bio_out == NULL) { php_openssl_store_errors(); - RETURN_FALSE; + goto err_subitem; } if (nid == NID_subject_alt_name) { if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { BIO_get_mem_ptr(bio_out, &bio_buf); add_assoc_stringl(&subitem, extname, bio_buf->data, bio_buf->length); } else { - zend_array_destroy(Z_ARR_P(return_value)); BIO_free(bio_out); - if (cert_str) { - X509_free(cert); - } - RETURN_FALSE; + goto err_subitem; } } else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { @@ -2260,6 +2256,16 @@ PHP_FUNCTION(openssl_x509_parse) if (cert_str) { X509_free(cert); } + return; + +err_subitem: + zval_ptr_dtor(&subitem); +err: + zend_array_destroy(Z_ARR_P(return_value)); + if (cert_str) { + X509_free(cert); + } + RETURN_FALSE; } /* }}} */