php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

ext/phar: Fix memory leaks when verifying OpenSSL signature (#19563)

Browse Source
This commit is contained in:
Gina Peter Banyard
2025-08-23 14:25:42 +01:00
committed by GitHub
parent d74901ae1a
commit f5a3a642c6
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ext/phar/util.c
View File

@@ -1903,6 +1903,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
if (!EVP_SignInit(md_ctx, mdtype)) {
EVP_PKEY_free(key);
EVP_MD_CTX_free(md_ctx);
efree(sigbuf);
if (error) {
spprintf(error, 0, "unable to initialize openssl signature for phar \"%s\"", phar->fname);
@@ -1913,6 +1914,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
while ((sig_len = php_stream_read(fp, (char*)buf, sizeof(buf))) > 0) {
if (!EVP_SignUpdate(md_ctx, buf, sig_len)) {
EVP_PKEY_free(key);
EVP_MD_CTX_free(md_ctx);
efree(sigbuf);
if (error) {
spprintf(error, 0, "unable to update the openssl signature for phar \"%s\"", phar->fname);
@@ -1923,6 +1925,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
if (!EVP_SignFinal (md_ctx, sigbuf, &siglen, key)) {
EVP_PKEY_free(key);
EVP_MD_CTX_free(md_ctx);
efree(sigbuf);
if (error) {
spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
@@ -1932,7 +1935,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
sigbuf[siglen] = '\0';
EVP_PKEY_free(key);
EVP_MD_CTX_destroy(md_ctx);
EVP_MD_CTX_free(md_ctx);
#else
size_t siglen;
sigbuf = NULL;