php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.4'

Browse Source 
* PHP-8.4:
  Fix memory leak in openssl_sign() when passing invalid algorithm
This commit is contained in:
Niels Dossche
2025-04-02 20:24:13 +02:00
parent c10afa9643 d689ff63e8
commit a39725b793
2 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ext/openssl/openssl.c
View File

@@ -3968,6 +3968,7 @@ PHP_FUNCTION(openssl_sign)
mdtype = php_openssl_get_evp_md_from_algo(method_long);
}
if (!mdtype && (!can_default_digest || method_long != 0)) {
EVP_PKEY_free(pkey);
php_error_docref(NULL, E_WARNING, "Unknown digest algorithm");
RETURN_FALSE;
}

18
ext/openssl/tests/openssl_sign_invalid_algorithm.phpt Normal file
View File

@@ -0,0 +1,18 @@
--TEST--
openssl_sign: invalid algorithm
--EXTENSIONS--
openssl
--FILE--
<?php
$dir = __DIR__;
$file_pub = $dir . '/bug37820cert.pem';
$file_key = $dir . '/bug37820key.pem';
$priv_key = file_get_contents($file_key);
$priv_key_id = openssl_get_privatekey($priv_key);
$data = "some custom data";
openssl_sign($data, $signature, $priv_key_id, "invalid algo");
?>
--EXPECTF--
Warning: openssl_sign(): Unknown digest algorithm in %s on line %d