Fix memory leak in phar tar temporary file error handling code

Closes GH-19740.
2026-03-24 00:02:20 +01:00 · 2025-09-06 22:22:55 +02:00
parent ebbed484fb
commit 2f162214e8
2 changed files with 8 additions and 0 deletions
--- a/1
+++ b/1
@@ -39,6 +39,7 @@ PHP                                                                        NEWS

 - Phar:
  . Fixed memory leaks when verifying OpenSSL signature. (Girgias)
+  . Fix memory leak in phar tar temporary file error handling code. (nielsdos)

 - Standard:
  . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois)
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -1211,6 +1211,7 @@ nostub:
 	}

 	zend_hash_apply_with_argument(&phar->manifest, phar_tar_writeheaders, (void *) &pass);
+	/* TODO: memory leak and incorrect continuation if phar_tar_writeheaders fails? */

 	/* add signature for executable tars or tars explicitly set with setSignatureAlgorithm */
 	if (!phar->is_data || phar->sig_flags) {
@@ -1234,6 +1235,12 @@ nostub:
 		entry.fp = php_stream_fopen_tmpfile();
 		if (entry.fp == NULL) {
 			spprintf(error, 0, "phar error: unable to create temporary file");
+
+			efree(signature);
+			if (closeoldfile) {
+				php_stream_close(oldfile);
+			}
+			php_stream_close(newfile);
 			return EOF;
 		}
 #ifdef WORDS_BIGENDIAN