mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00

openssl: Fix missing error propagation for BIO_printf() calls

Since these go through a file, this can fail.
For some of these, the error is already checked but not propagated to
userland, causing a "true" return value but an incomplete file.
For others, the error is not checked and can also lead to an incomplete
file.
Solve this by always propagating failure, especially as the other write
calls are already checked for failure.

Closes GH-21360.
ndossche
2026-03-06 17:59:36 +01:00
parent 9ec303edde
commit f92d54b6b5
2 changed files with 17 additions and 4 deletions

1
NEWS

@@ -23,6 +23,7 @@ PHP NEWS
- OpenSSL:
. Fixed bug GH-21083 (Skip private_key_bits validation for EC/curve-based
keys). (iliaal)
. Fix missing error propagation for BIO_printf() calls. (ndossche)
- PCRE:
. Fixed re-entrancy issue on php_pcre_match_impl, php_pcre_replace_impl,


@@ -5900,16 +5900,21 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
/* tack on extra headers */
if (zheaders) {
ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(zheaders), strindex, zcertval) {
int ret;
zend_string *str = zval_try_get_string(zcertval);
if (UNEXPECTED(!str)) {
goto clean_exit;
}
if (strindex) {
BIO_printf(outfile, "%s: %s\n", ZSTR_VAL(strindex), ZSTR_VAL(str));
ret = BIO_printf(outfile, "%s: %s\n", ZSTR_VAL(strindex), ZSTR_VAL(str));
} else {
BIO_printf(outfile, "%s\n", ZSTR_VAL(str));
ret = BIO_printf(outfile, "%s\n", ZSTR_VAL(str));
}
zend_string_release(str);
if (ret < 0) {
php_openssl_store_errors();
goto clean_exit;
}
} ZEND_HASH_FOREACH_END();
}
@@ -6128,6 +6133,7 @@ PHP_FUNCTION(openssl_pkcs7_sign)
zend_string_release(str);
if (ret < 0) {
php_openssl_store_errors();
goto clean_exit;
}
} ZEND_HASH_FOREACH_END();
}
@@ -6518,16 +6524,21 @@ PHP_FUNCTION(openssl_cms_encrypt)
/* tack on extra headers */
if (zheaders && encoding == ENCODING_SMIME) {
ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(zheaders), strindex, zcertval) {
int ret;
zend_string *str = zval_try_get_string(zcertval);
if (UNEXPECTED(!str)) {
goto clean_exit;
}
if (strindex) {
BIO_printf(outfile, "%s: %s\n", ZSTR_VAL(strindex), ZSTR_VAL(str));
ret = BIO_printf(outfile, "%s: %s\n", ZSTR_VAL(strindex), ZSTR_VAL(str));
} else {
BIO_printf(outfile, "%s\n", ZSTR_VAL(str));
ret = BIO_printf(outfile, "%s\n", ZSTR_VAL(str));
}
zend_string_release(str);
if (ret < 0) {
php_openssl_store_errors();
goto clean_exit;
}
} ZEND_HASH_FOREACH_END();
}
@@ -6807,6 +6818,7 @@ PHP_FUNCTION(openssl_cms_sign)
zend_string_release(str);
if (ret < 0) {
php_openssl_store_errors();
goto clean_exit;
}
} ZEND_HASH_FOREACH_END();
}
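Review bot: The header name and value in the `openssl_pkcs7_encrypt` loop, and in the identical `openssl_cms_encrypt` loop, are still passed to `BIO_printf()` through a bare `%s` with no check visible in the hunk, so a CR or LF inside a caller-supplied `zheaders` entry becomes an extra header line or an early end of the header block in the output file, and an embedded NUL silently cuts the value short. Both functions start outside the hunks, so validation may already happen earlier; if it does not, a length-aware check on `strindex` and `str` before the write would close this. Whether folded (multi-line) header values must stay accepted is a compatibility decision for the maintainers. The two sign hunks show only the tail of what looks like the same loop, so one static helper shared by all four functions would keep the check in one place; the helper name and warning text below are placeholders.

```c
/* Placeholder name: true when the string is safe to emit as part of one header line. */
static bool php_openssl_header_part_is_clean(const zend_string *s)
{
	/* CR/LF would start a new line in the output; NUL would end the %s output early. */
	return memchr(ZSTR_VAL(s), '\r', ZSTR_LEN(s)) == NULL
		&& memchr(ZSTR_VAL(s), '\n', ZSTR_LEN(s)) == NULL
		&& memchr(ZSTR_VAL(s), '\0', ZSTR_LEN(s)) == NULL;
}

		zend_string *str = zval_try_get_string(zcertval);
		/* … unchanged: NULL check on str … */
		if ((strindex && !php_openssl_header_part_is_clean(strindex))
				|| !php_openssl_header_part_is_clean(str)) {
			php_error_docref(NULL, E_WARNING, "Header must not contain CR, LF or NUL bytes");
			zend_string_release(str);
			goto clean_exit;
		}
		/* … unchanged: BIO_printf() calls, zend_string_release(), ret < 0 check … */
```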