Merge branch 'PHP-8.4' into PHP-8.5

ndossche · ndossche · commit 7d4e4304354a · 2026-01-22T22:47:35.000+01:00
* PHP-8.4:
  Fix memory leaks when sk_X509_new_null() fails
diff --git a/NEWS b/NEWS
@@ -36,6 +36,9 @@ PHP                                                                        NEWS
   . Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
     (khasinski)
 
+- OpenSSL:
+  . Fix memory leaks when sk_X509_new_null() fails. (ndossche)
+
 - Phar:
   . Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
     (ndossche)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -2616,6 +2616,9 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
 	}
 
 	recipcerts = sk_X509_new_null();
+	if (recipcerts == NULL) {
+		goto clean_exit;
+	}
 
 	/* get certs */
 	if (Z_TYPE_P(zrecipcerts) == IS_ARRAY) {
@@ -3230,6 +3233,9 @@ PHP_FUNCTION(openssl_cms_encrypt)
 	}
 
 	recipcerts = sk_X509_new_null();
+	if (recipcerts == NULL) {
+		goto clean_exit;
+	}
 
 	/* get certs */
 	if (Z_TYPE_P(zrecipcerts) == IS_ARRAY) {
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
@@ -864,6 +864,9 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
 	bool free_cert;
 
 	sk = sk_X509_new_null();
+	if (sk == NULL) {
+		goto clean_exit;
+	}
 
 	/* get certs */
 	if (Z_TYPE_P(zcerts) == IS_ARRAY) {
