ndossche
f6887f04f6
Fix memory leaks in openssl_cms_encrypt() when push fails
2026-02-17 21:39:51 +01:00
ndossche
556ec77951
Fix memory leaks in openssl_pkcs7_encrypt() when push fails
2026-02-17 21:39:51 +01:00
ndossche
ef54becb3e
Fix missing error propagation when php_array_to_X509_sk() fails
...
Execution shouldn't continue if this fails because it can give the wrong
results.
2026-02-17 21:39:51 +01:00
ndossche
01d598aea3
Fix memory leaks in php_array_to_X509_sk() when push fails
2026-02-17 21:39:50 +01:00
ndossche
4b9e80eae9
Fix memory leak in php_openssl_load_all_certs_from_file() when push fails
2026-02-17 21:39:50 +01:00
Niels Dossche
62afc7a2fa
Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails
...
The X509_NAME_oneline() function can return NULL, which will cause a
crash when the string length is computed via add_assoc_string().
Closes GH-21010.
2026-01-23 14:59:08 +01:00
Niels Dossche
c2eadb4922
Fix crash in openssl_x509_parse() when i2s_ASN1_INTEGER() fails
...
The X509_NAME_oneline() function can return NULL,
which will cause a crash when the string length is computed via add_assoc_string().
Closes GH-21011.
2026-01-23 14:58:39 +01:00
Niels Dossche
7754eafb1f
Fix memory leaks when sk_X509_new_null() fails
...
In a lot of places the return value is not checked, and when the
function fails the code continues execution. However, this means that
operations on the stack fail and will cause memory leaks on the objects
that weren't pushed.
We also notice an inconsistency in how these failures are handled.
For example, in one place we explicitly have a fatal error
`php_error_docref(NULL, E_ERROR, "Memory allocation failure");`
but this is the only place to do so.
Closes GH-20957.
2026-01-22 22:37:14 +01:00
David Carlier
cdcc0c2cd8
Fix GH-20802: undefined behavior with invalid SNI_server_certs options.
...
close GH-20803
2026-01-01 21:08:35 +00:00
Jakub Zelenka
2a0931d347
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-19798: XP_SOCKET XP_SSL: Incorrect condition for Win
2025-10-23 15:22:21 +02:00
Jakub Zelenka
eef11e048d
Fix GH-19798: XP_SOCKET XP_SSL: Incorrect condition for Win
...
This fixes incorrect type conversion and subsequent check for Windows
where returned socket is not an int.
It should be noted that this is not really an issue as previous int
would get negative so the check should still work. The issue actually
happens only in master (PHP 8.5) where refactoring has been done and the
type changed.
Closes GH-19881
2025-10-23 15:11:14 +02:00
Ilija Tovilo
ed8a45c8e9
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
[skip ci] Also skip check_default_conf_path.phpt on Windows & 8.2
Revert "Fix Windows test for openssl-3.5 upgrade (#19384)"
2025-10-21 01:25:24 +02:00
Ilija Tovilo
b751582705
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
[skip ci] Also skip check_default_conf_path.phpt on Windows & 8.2
Revert "Fix Windows test for openssl-3.5 upgrade (#19384)"
2025-10-21 01:25:06 +02:00
Ilija Tovilo
f65a574a36
[skip ci] Also skip check_default_conf_path.phpt on Windows & 8.2
...
I don't know why the output is different only in 8.2. Revert for now to make CI
happy.
2025-10-21 01:23:58 +02:00
Ilija Tovilo
3f6c86a885
Revert "Fix Windows test for openssl-3.5 upgrade (#19384)"
...
This reverts commit 0e17dcfe54.
2025-10-21 01:23:29 +02:00
Ilija Tovilo
1bfe9340b7
[skip ci] Skip openssl tests currently failing on 8.2
2025-10-21 00:55:08 +02:00
Ilija Tovilo
43621e1e3c
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix Windows test for openssl-3.5 upgrade (#19384)
2025-10-21 00:40:27 +02:00
Ilija Tovilo
5d8a3925d2
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix Windows test for openssl-3.5 upgrade (#19384)
2025-10-21 00:40:21 +02:00
Shivam Mathur
0e17dcfe54
Fix Windows test for openssl-3.5 upgrade (#19384)
...
* Fix Windows test for openssl-3.5 upgrade
* Update ext/openssl/tests/check_default_conf_path.phpt
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
---------
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
2025-10-21 00:40:14 +02:00
Jakub Zelenka
c8a4207400
Merge branch 'PHP-8.3' into PHP-8.4
2025-08-12 17:29:18 +02:00
Jakub Zelenka
2b415e416e
Fix GH-19245: Success error message on TLS stream accept failure
...
This overwrites the previous message from the successful accept call.
Closes GH-19246
2025-08-12 17:28:33 +02:00
Jakub Zelenka
f52a59ff4f
Merge branch 'PHP-8.3' into PHP-8.4
2025-08-09 17:44:25 +02:00
Jakub Zelenka
9e2aa658a8
Fix GH-19428: openssl_pkey_derive segfaults for DH derive with low key_length
...
This happens only for OpenSSL 1.1.1 because key_length is ignored for
DH. It means that the provided string is overwritten with longer buffer.
2025-08-09 17:43:04 +02:00
Niels Dossche
0f731b455c
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix error return check of EVP_CIPHER_CTX_ctrl()
Fix memleak on failure in collator_get_sort_key()
2025-07-15 20:38:22 +02:00
Niels Dossche
cd8722304c
Fix error return check of EVP_CIPHER_CTX_ctrl()
...
OpenSSL can return -1 on error [1, 2], and OpenBSD's docs confirm this
[3]. Change all checks to <= 0.
[1] https://github.com/openssl/openssl/blob/b3161bd9a9329be3d6bf6b29a06835e2721898bb/crypto/evp/evp_enc.c#L1530-L1531
[2] https://github.com/openssl/openssl/blob/b3161bd9a9329be3d6bf6b29a06835e2721898bb/crypto/evp/evp_enc.c#L1611
[3] https://man.openbsd.org/EVP_CIPHER_CTX_ctrl.3
Closes GH-18987.
2025-07-15 20:37:33 +02:00
Niels Dossche
f938f356cb
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-18986: OpenSSL backend: incorrect RAND_{load,write}_file() return value check
2025-07-15 18:50:46 +02:00
Niels Dossche
a8086be81c
Fix GH-18986: OpenSSL backend: incorrect RAND_{load,write}_file() return value check
...
As noted by the LibreSSL maintainer, these functions return -1 on error.
This is further confirmed by my static analyzer that inferred the same
thing for OpenSSL.
Closes GH-19013.
2025-07-15 18:50:19 +02:00
Jakub Zelenka
0d19984cda
Merge branch 'PHP-8.3' into PHP-8.4
2025-07-15 11:24:34 +02:00
Jakub Zelenka
6b2b60f683
Fix bug #80770: openssl cafile not used in SNI SSL_CTX
...
The issue is about not being able to connect as cafile for SNI
is not used in its SSL context. This sets it up so it is possible
to capture the client certificate which is only possible when
verify_peer is true.
Closes GH-18893
2025-07-15 11:23:10 +02:00
Jakub Zelenka
7a15d2a5c0
Merge branch 'PHP-8.3' into PHP-8.4
2025-06-05 18:05:24 +02:00
Jakub Zelenka
444cc78a3e
Skip OpenSSL proxy test for bug #74796 on Windows
2025-06-05 16:18:06 +02:00
Jakub Zelenka
086a470208
Merge branch 'PHP-8.3' into PHP-8.4
2025-06-05 14:10:57 +02:00
Jakub Zelenka
42f6c15186
Fix bug #74796: Requests through http proxy set peer name
...
This issue happens because http wrapper sets peer_name but then does not
remove so it stays in the context. The fix removes the peer name from
the context after enabling crypto.
In addition to bug #74796, this also fixes bug #76196.
In addition it should be a final fix for those SOAP bugs:
bug #69783
bug #52913
bug #61463
2025-06-05 14:08:28 +02:00
Niels Dossche
87ff5479fc
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure
2025-06-03 23:46:21 +02:00
Niels Dossche
08a9579883
Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure
...
Closes GH-18750.
2025-06-03 23:45:51 +02:00
Niels Dossche
1e94f3423b
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Split off php_set_sock_blocking() and s.is_blocked to a separate function
Fix missing checks against php_set_blocking() in xp_ssl.c
2025-05-20 08:08:39 +02:00
Niels Dossche
1863014fbd
Split off php_set_sock_blocking() and s.is_blocked to a separate function
...
This makes it harder to forget the check and keeps the variable and
function call consistent.
Closes GH-18604.
2025-05-20 08:08:06 +02:00
Niels Dossche
31ebb42268
Fix missing checks against php_set_blocking() in xp_ssl.c
2025-05-20 08:07:34 +02:00
Niels Dossche
8a927c284d
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix potential leaks when writing to BIO fails
2025-04-11 21:02:59 +02:00
Niels Dossche
29f96fb1f1
Fix potential leaks when writing to BIO fails
...
When the BIO is created but writing fails, these can leak.
Closes GH-18186.
2025-04-11 21:02:37 +02:00
Niels Dossche
a6e76ac010
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix inverted call to php_openssl_store_errors()
Fix openssl_random_pseudo_bytes() always setting strong_result to true
2025-04-02 20:25:32 +02:00
Niels Dossche
5e68671f88
Fix inverted call to php_openssl_store_errors()
...
This calls php_openssl_store_errors() in the success path right now,
change it to call php_openssl_store_errors() in the error path.
2025-04-02 20:25:21 +02:00
Niels Dossche
0dc600c69a
Fix openssl_random_pseudo_bytes() always setting strong_result to true
...
This regressed in 62c7432f, prior to that commit the value was set to
false in case random number generation failed, but now even if an
exception is thrown it is set to true. This likely does not _really_
matter as the user will handle the exception, still the value in
$strong_result is observable.
2025-04-02 20:25:21 +02:00
Niels Dossche
d689ff63e8
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix memory leak in openssl_sign() when passing invalid algorithm
2025-04-02 20:18:57 +02:00
Niels Dossche
74720a22f3
Fix memory leak in openssl_sign() when passing invalid algorithm
...
Closes GH-18185.
2025-04-02 20:15:53 +02:00
Jakub Zelenka
4936c32772
Merge branch 'PHP-8.3' into PHP-8.4
2025-02-28 14:51:52 +01:00
Jakub Zelenka
6bb56fe0cf
Change openssl_x509_verify test to use cert generator (#17882)
...
This also prevents verifying cert with SHA1 signature
2025-02-28 14:51:12 +01:00
Jakub Zelenka
d2977b026f
Merge branch 'PHP-8.3' into PHP-8.4
2024-12-31 15:20:06 +01:00
Jakub Zelenka
e0dabe326f
Merge branch 'PHP-8.2' into PHP-8.3
2024-12-31 15:05:18 +01:00
Jakub Zelenka
37504f123d
Port OpenSSL gh10495, gh13860 and gh9310 test to use ephemeral ports
2024-12-31 15:02:08 +01:00