Merge branch 'PHP-8.3' into PHP-8.4

2026-03-24 00:02:20 +01:00 · 2025-08-23 15:27:25 +02:00
parent 62e30ecae1 e46f77c861
commit 20c274b688
2 changed files with 7 additions and 1 deletions
--- a/3
+++ b/3
@@ -21,6 +21,9 @@ PHP                                                                        NEWS
  . Fixed bug GH-19485 (potential use after free when using persistent pgsql
    connections). (Mark Karpeles)

+- Phar:
+  . Fixed memory leaks when verifying OpenSSL signature. (Girgias)
+
 - Standard:
  . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois)

--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1952,6 +1952,7 @@ zend_result phar_create_signature(phar_archive_data *phar, php_stream *fp, char

 			if (!EVP_SignInit(md_ctx, mdtype)) {
 				EVP_PKEY_free(key);
+				EVP_MD_CTX_free(md_ctx);
 				efree(sigbuf);
 				if (error) {
 					spprintf(error, 0, "unable to initialize openssl signature for phar \"%s\"", phar->fname);
@@ -1962,6 +1963,7 @@ zend_result phar_create_signature(phar_archive_data *phar, php_stream *fp, char
 			while ((sig_len = php_stream_read(fp, (char*)buf, sizeof(buf))) > 0) {
 				if (!EVP_SignUpdate(md_ctx, buf, sig_len)) {
 					EVP_PKEY_free(key);
+					EVP_MD_CTX_free(md_ctx);
 					efree(sigbuf);
 					if (error) {
 						spprintf(error, 0, "unable to update the openssl signature for phar \"%s\"", phar->fname);
@@ -1972,6 +1974,7 @@ zend_result phar_create_signature(phar_archive_data *phar, php_stream *fp, char

 			if (!EVP_SignFinal (md_ctx, sigbuf, &siglen, key)) {
 				EVP_PKEY_free(key);
+				EVP_MD_CTX_free(md_ctx);
 				efree(sigbuf);
 				if (error) {
 					spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
@@ -1981,7 +1984,7 @@ zend_result phar_create_signature(phar_archive_data *phar, php_stream *fp, char

 			sigbuf[siglen] = '\0';
 			EVP_PKEY_free(key);
-			EVP_MD_CTX_destroy(md_ctx);
+			EVP_MD_CTX_free(md_ctx);
 #else
 			size_t siglen;
 			sigbuf = NULL;