Merge branch 'PHP-8.5'

ndossche · ndossche · commit 1b7449f733bd · 2026-04-04T12:45:57.000+02:00
* PHP-8.5:
  Add missing error check on SSL_set_ex_data()
  Fix UB and error propagation when X509_gmtime_adj() fails
  Fix memory leaks when BN_bin2bn() fails
  Add missing error check on BN_CTX_new()
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -1834,8 +1834,11 @@ PHP_FUNCTION(openssl_csr_sign)
 		php_openssl_store_errors();
 		goto cleanup;
 	}
-	X509_gmtime_adj(X509_getm_notBefore(new_cert), 0);
-	X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*num_days);
+	if (!X509_gmtime_adj(X509_getm_notBefore(new_cert), 0)
+		|| !X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*num_days)) {
+		php_openssl_store_errors();
+		goto cleanup;
+	}
 	i = X509_set_pubkey(new_cert, key);
 	if (!i) {
 		php_openssl_store_errors();
diff --git a/ext/openssl/openssl_backend_v1.c b/ext/openssl/openssl_backend_v1.c
@@ -140,7 +140,14 @@ static bool php_openssl_pkey_init_dsa_data(DSA *dsa, zval *data, bool *is_privat
 	OPENSSL_PKEY_SET_BN(data, p);
 	OPENSSL_PKEY_SET_BN(data, q);
 	OPENSSL_PKEY_SET_BN(data, g);
-	if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) {
+	if (!p || !q || !g) {
+		BN_free(p);
+		BN_free(q);
+		BN_free(g);
+		return false;
+	}
+
+	if (!DSA_set0_pqg(dsa, p, q, g)) {
 		return false;
 	}
 
@@ -270,6 +277,9 @@ static bool php_openssl_pkey_init_ec_data(EC_KEY *eckey, zval *data, bool *is_pr
 	EC_POINT *point_q = NULL;
 	EC_GROUP *group = NULL;
 	BN_CTX *bctx = BN_CTX_new();
+	if (!bctx) {
+		goto clean_exit;
+	}
 
 	*is_private = false;
 
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
@@ -1691,7 +1691,8 @@ static zend_result php_openssl_setup_crypto(php_stream *stream,
 
 	sslsock->ssl_handle = SSL_new(sslsock->ctx);
 
-	if (sslsock->ssl_handle == NULL) {
+	if (sslsock->ssl_handle == NULL
+		|| !SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream)) {
 		php_error_docref(NULL, E_WARNING, "SSL handle creation failure");
 		SSL_CTX_free(sslsock->ctx);
 		sslsock->ctx = NULL;
@@ -1702,8 +1703,6 @@ static zend_result php_openssl_setup_crypto(php_stream *stream,
 		}
 #endif
 		return FAILURE;
-	} else {
-		SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream);
 	}
 
 	if (!SSL_set_fd(sslsock->ssl_handle, sslsock->s.socket)) {
