php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.5'

Browse Source 
* PHP-8.5:
  Update NEWS for OpenSSL changes
  Fix memory leaks in openssl_cms_encrypt() when push fails
  Fix memory leaks in openssl_pkcs7_encrypt() when push fails
  Fix missing error propagation when php_array_to_X509_sk() fails
  Fix memory leaks in php_array_to_X509_sk() when push fails
  Fix memory leak in php_openssl_load_all_certs_from_file() when push fails
This commit is contained in:
ndossche
2026-02-17 21:47:55 +01:00
parent da43645515 e8a274e3dd
commit 5a608bb1ba
2 changed files with 41 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
ext/openssl/openssl.c
View File

@@ -1283,8 +1283,6 @@ PHP_FUNCTION(openssl_x509_free)
}
/* }}} */
/* }}} */
/* {{{ Creates and exports a PKCS to file */
PHP_FUNCTION(openssl_pkcs12_export_to_file)
{
@@ -1350,6 +1348,9 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");
if (!ca) {
goto cleanup;
}
}
/* end parse extra config */
@@ -1443,6 +1444,9 @@ PHP_FUNCTION(openssl_pkcs12_export)
if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");
if (!ca) {
goto cleanup;
}
}
/* end parse extra config */
@@ -2662,7 +2666,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
goto clean_exit;
}
}
sk_X509_push(recipcerts, cert);
if (sk_X509_push(recipcerts, cert) <= 0) {
X509_free(cert);
goto clean_exit;
}
} ZEND_HASH_FOREACH_END();
} else {
/* a single certificate */
@@ -2683,7 +2690,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
goto clean_exit;
}
}
sk_X509_push(recipcerts, cert);
if (sk_X509_push(recipcerts, cert) <= 0) {
X509_free(cert);
goto clean_exit;
}
}
/* sanity check the cipher */
@@ -3278,7 +3288,10 @@ PHP_FUNCTION(openssl_cms_encrypt)
goto clean_exit;
}
}
sk_X509_push(recipcerts, cert);
if (sk_X509_push(recipcerts, cert) <= 0) {
php_openssl_store_errors();
goto clean_exit;
}
} ZEND_HASH_FOREACH_END();
} else {
/* a single certificate */
@@ -3298,7 +3311,10 @@ PHP_FUNCTION(openssl_cms_encrypt)
goto clean_exit;
}
}
sk_X509_push(recipcerts, cert);
if (sk_X509_push(recipcerts, cert) <= 0) {
php_openssl_store_errors();
goto clean_exit;
}
}
/* sanity check the cipher */

30
ext/openssl/openssl_backend_common.c
View File

@@ -692,21 +692,13 @@ STACK_OF(X509) *php_openssl_load_all_certs_from_file(
X509_INFO *xi;
char cert_path[MAXPATHLEN];
if(!(stack = sk_X509_new_null())) {
php_openssl_store_errors();
php_error_docref(NULL, E_ERROR, "Memory allocation failure");
goto end;
}
if (!php_openssl_check_path(cert_file, cert_file_len, cert_path, arg_num)) {
sk_X509_free(stack);
goto end;
}
if (!(in = BIO_new_file(cert_path, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY)))) {
php_openssl_store_errors();
php_error_docref(NULL, E_WARNING, "Error opening the file, %s", cert_path);
sk_X509_free(stack);
goto end;
}
@@ -714,7 +706,11 @@ STACK_OF(X509) *php_openssl_load_all_certs_from_file(
if (!(sk = php_openssl_pem_read_bio_x509_info(in))) {
php_openssl_store_errors();
php_error_docref(NULL, E_WARNING, "Error reading the file, %s", cert_path);
sk_X509_free(stack);
goto end;
}
if(!(stack = sk_X509_new_reserve(NULL, sk_X509_INFO_num(sk)))) {
php_openssl_store_errors();
goto end;
}
@@ -886,7 +882,10 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
}
}
sk_X509_push(sk, cert);
if (sk_X509_push(sk, cert) <= 0) {
X509_free(cert);
goto push_fail_exit;
}
} ZEND_HASH_FOREACH_END();
} else {
/* a single certificate */
@@ -904,11 +903,20 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
goto clean_exit;
}
}
sk_X509_push(sk, cert);
if (sk_X509_push(sk, cert) <= 0) {
X509_free(cert);
goto push_fail_exit;
}
}
clean_exit:
return sk;
push_fail_exit:
php_openssl_store_errors();
php_openssl_sk_X509_free(sk);
sk = NULL;
goto clean_exit;
}
zend_result php_openssl_csr_add_subj_entry(zval *item, X509_NAME *subj, int nid)