Merge branch 'PHP-8.5'

ndossche · ndossche · commit 5a608bb1bae7 · 2026-02-17T21:47:55.000+01:00
* PHP-8.5:
  Update NEWS for OpenSSL changes
  Fix memory leaks in openssl_cms_encrypt() when push fails
  Fix memory leaks in openssl_pkcs7_encrypt() when push fails
  Fix missing error propagation when php_array_to_X509_sk() fails
  Fix memory leaks in php_array_to_X509_sk() when push fails
  Fix memory leak in php_openssl_load_all_certs_from_file() when push fails
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -1283,8 +1283,6 @@ PHP_FUNCTION(openssl_x509_free)
 }
 /* }}} */
 
-/* }}} */
-
 /* {{{ Creates and exports a PKCS to file */
 PHP_FUNCTION(openssl_pkcs12_export_to_file)
 {
@@ -1350,6 +1348,9 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
 
 	if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
 		ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");
+		if (!ca) {
+			goto cleanup;
+		}
 	}
 	/* end parse extra config */
 
@@ -1443,6 +1444,9 @@ PHP_FUNCTION(openssl_pkcs12_export)
 
 	if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
 		ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");
+		if (!ca) {
+			goto cleanup;
+		}
 	}
 	/* end parse extra config */
 
@@ -2662,7 +2666,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
 					goto clean_exit;
 				}
 			}
-			sk_X509_push(recipcerts, cert);
+			if (sk_X509_push(recipcerts, cert) <= 0) {
+				X509_free(cert);
+				goto clean_exit;
+			}
 		} ZEND_HASH_FOREACH_END();
 	} else {
 		/* a single certificate */
@@ -2683,7 +2690,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
 				goto clean_exit;
 			}
 		}
-		sk_X509_push(recipcerts, cert);
+		if (sk_X509_push(recipcerts, cert) <= 0) {
+			X509_free(cert);
+			goto clean_exit;
+		}
 	}
 
 	/* sanity check the cipher */
@@ -3278,7 +3288,10 @@ PHP_FUNCTION(openssl_cms_encrypt)
 					goto clean_exit;
 				}
 			}
-			sk_X509_push(recipcerts, cert);
+			if (sk_X509_push(recipcerts, cert) <= 0) {
+				php_openssl_store_errors();
+				goto clean_exit;
+			}
 		} ZEND_HASH_FOREACH_END();
 	} else {
 		/* a single certificate */
@@ -3298,7 +3311,10 @@ PHP_FUNCTION(openssl_cms_encrypt)
 				goto clean_exit;
 			}
 		}
-		sk_X509_push(recipcerts, cert);
+		if (sk_X509_push(recipcerts, cert) <= 0) {
+			php_openssl_store_errors();
+			goto clean_exit;
+		}
 	}
 
 	/* sanity check the cipher */
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
@@ -692,29 +692,25 @@ STACK_OF(X509) *php_openssl_load_all_certs_from_file(
 	X509_INFO *xi;
 	char cert_path[MAXPATHLEN];
 
-	if(!(stack = sk_X509_new_null())) {
-		php_openssl_store_errors();
-		php_error_docref(NULL, E_ERROR, "Memory allocation failure");
-		goto end;
-	}
-
 	if (!php_openssl_check_path(cert_file, cert_file_len, cert_path, arg_num)) {
-		sk_X509_free(stack);
 		goto end;
 	}
 
 	if (!(in = BIO_new_file(cert_path, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY)))) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Error opening the file, %s", cert_path);
-		sk_X509_free(stack);
 		goto end;
 	}
 
 	/* This loads from a file, a stack of x509/crl/pkey sets */
 	if (!(sk = php_openssl_pem_read_bio_x509_info(in))) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Error reading the file, %s", cert_path);
-		sk_X509_free(stack);
+		goto end;
+	}
+
+	if(!(stack = sk_X509_new_reserve(NULL, sk_X509_INFO_num(sk)))) {
+		php_openssl_store_errors();
 		goto end;
 	}
 
@@ -886,7 +882,10 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
 				}
 
 			}
-			sk_X509_push(sk, cert);
+			if (sk_X509_push(sk, cert) <= 0) {
+				X509_free(cert);
+				goto push_fail_exit;
+			}
 		} ZEND_HASH_FOREACH_END();
 	} else {
 		/* a single certificate */
@@ -904,11 +903,20 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
 				goto clean_exit;
 			}
 		}
-		sk_X509_push(sk, cert);
+		if (sk_X509_push(sk, cert) <= 0) {
+			X509_free(cert);
+			goto push_fail_exit;
+		}
 	}
 
 clean_exit:
 	return sk;
+
+push_fail_exit:
+	php_openssl_store_errors();
+	php_openssl_sk_X509_free(sk);
+	sk = NULL;
+	goto clean_exit;
 }
 
 zend_result php_openssl_csr_add_subj_entry(zval *item, X509_NAME *subj, int nid)

Original file line number	Diff line number	Diff line change
`@@ -1283,8 +1283,6 @@ PHP_FUNCTION(openssl_x509_free)`
`1283`	`1283`	`}`
`1284`	`1284`	`/* }}} */`
`1285`	`1285`
`1286`		`-/* }}} */`
`1287`		`-`
`1288`	`1286`	`/* {{{ Creates and exports a PKCS to file */`
`1289`	`1287`	`PHP_FUNCTION(openssl_pkcs12_export_to_file)`
`1290`	`1288`	`{`
`@@ -1350,6 +1348,9 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)`
`1350`	`1348`
`1351`	`1349`	`if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {`
`1352`	`1350`	`ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");`
	`1351`	`+ if (!ca) {`
	`1352`	`+ goto cleanup;`
	`1353`	`+ }`
`1353`	`1354`	`}`
`1354`	`1355`	`/* end parse extra config */`
`1355`	`1356`
`@@ -1443,6 +1444,9 @@ PHP_FUNCTION(openssl_pkcs12_export)`
`1443`	`1444`
`1444`	`1445`	`if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {`
`1445`	`1446`	`ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");`
	`1447`	`+ if (!ca) {`
	`1448`	`+ goto cleanup;`
	`1449`	`+ }`
`1446`	`1450`	`}`
`1447`	`1451`	`/* end parse extra config */`
`1448`	`1452`
`@@ -2662,7 +2666,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)`
`2662`	`2666`	`goto clean_exit;`
`2663`	`2667`	`}`
`2664`	`2668`	`}`
`2665`		`- sk_X509_push(recipcerts, cert);`
	`2669`	`+ if (sk_X509_push(recipcerts, cert) <= 0) {`
	`2670`	`+ X509_free(cert);`
	`2671`	`+ goto clean_exit;`
	`2672`	`+ }`
`2666`	`2673`	`} ZEND_HASH_FOREACH_END();`
`2667`	`2674`	`} else {`
`2668`	`2675`	`/* a single certificate */`
`@@ -2683,7 +2690,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)`
`2683`	`2690`	`goto clean_exit;`
`2684`	`2691`	`}`
`2685`	`2692`	`}`
`2686`		`- sk_X509_push(recipcerts, cert);`
	`2693`	`+ if (sk_X509_push(recipcerts, cert) <= 0) {`
	`2694`	`+ X509_free(cert);`
	`2695`	`+ goto clean_exit;`
	`2696`	`+ }`
`2687`	`2697`	`}`
`2688`	`2698`
`2689`	`2699`	`/* sanity check the cipher */`
`@@ -3278,7 +3288,10 @@ PHP_FUNCTION(openssl_cms_encrypt)`
`3278`	`3288`	`goto clean_exit;`
`3279`	`3289`	`}`
`3280`	`3290`	`}`
`3281`		`- sk_X509_push(recipcerts, cert);`
	`3291`	`+ if (sk_X509_push(recipcerts, cert) <= 0) {`
	`3292`	`+ php_openssl_store_errors();`
	`3293`	`+ goto clean_exit;`
	`3294`	`+ }`
`3282`	`3295`	`} ZEND_HASH_FOREACH_END();`
`3283`	`3296`	`} else {`
`3284`	`3297`	`/* a single certificate */`
`@@ -3298,7 +3311,10 @@ PHP_FUNCTION(openssl_cms_encrypt)`
`3298`	`3311`	`goto clean_exit;`
`3299`	`3312`	`}`
`3300`	`3313`	`}`
`3301`		`- sk_X509_push(recipcerts, cert);`
	`3314`	`+ if (sk_X509_push(recipcerts, cert) <= 0) {`
	`3315`	`+ php_openssl_store_errors();`
	`3316`	`+ goto clean_exit;`
	`3317`	`+ }`
`3302`	`3318`	`}`
`3303`	`3319`
`3304`	`3320`	`/* sanity check the cipher */`