Skip to content

Commit e8a274e

Browse files
committed
Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4: Update NEWS for OpenSSL changes Fix memory leaks in openssl_cms_encrypt() when push fails Fix memory leaks in openssl_pkcs7_encrypt() when push fails Fix missing error propagation when php_array_to_X509_sk() fails Fix memory leaks in php_array_to_X509_sk() when push fails Fix memory leak in php_openssl_load_all_certs_from_file() when push fails Closes GH-20986.
2 parents 1da4480 + b911748 commit e8a274e

3 files changed

Lines changed: 44 additions & 17 deletions

File tree

NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,9 @@ PHP NEWS
3838
. Fixed bug GH-21227 (Borked SCCP of array containing partial object).
3939
(ilutov)
4040

41+
OpenSSL:
42+
. Fix a bunch of leaks and error propagation. (ndossche)
43+
4144
- Windows:
4245
. Fixed compilation with clang (missing intrin.h include). (Kévin Dunglas)
4346

ext/openssl/openssl.c

Lines changed: 22 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1272,8 +1272,6 @@ PHP_FUNCTION(openssl_x509_free)
12721272
}
12731273
/* }}} */
12741274

1275-
/* }}} */
1276-
12771275
/* {{{ Creates and exports a PKCS to file */
12781276
PHP_FUNCTION(openssl_pkcs12_export_to_file)
12791277
{
@@ -1339,6 +1337,9 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
13391337

13401338
if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
13411339
ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");
1340+
if (!ca) {
1341+
goto cleanup;
1342+
}
13421343
}
13431344
/* end parse extra config */
13441345

@@ -1432,6 +1433,9 @@ PHP_FUNCTION(openssl_pkcs12_export)
14321433

14331434
if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
14341435
ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");
1436+
if (!ca) {
1437+
goto cleanup;
1438+
}
14351439
}
14361440
/* end parse extra config */
14371441

@@ -2651,7 +2655,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
26512655
goto clean_exit;
26522656
}
26532657
}
2654-
sk_X509_push(recipcerts, cert);
2658+
if (sk_X509_push(recipcerts, cert) <= 0) {
2659+
X509_free(cert);
2660+
goto clean_exit;
2661+
}
26552662
} ZEND_HASH_FOREACH_END();
26562663
} else {
26572664
/* a single certificate */
@@ -2672,7 +2679,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
26722679
goto clean_exit;
26732680
}
26742681
}
2675-
sk_X509_push(recipcerts, cert);
2682+
if (sk_X509_push(recipcerts, cert) <= 0) {
2683+
X509_free(cert);
2684+
goto clean_exit;
2685+
}
26762686
}
26772687

26782688
/* sanity check the cipher */
@@ -3267,7 +3277,10 @@ PHP_FUNCTION(openssl_cms_encrypt)
32673277
goto clean_exit;
32683278
}
32693279
}
3270-
sk_X509_push(recipcerts, cert);
3280+
if (sk_X509_push(recipcerts, cert) <= 0) {
3281+
php_openssl_store_errors();
3282+
goto clean_exit;
3283+
}
32713284
} ZEND_HASH_FOREACH_END();
32723285
} else {
32733286
/* a single certificate */
@@ -3287,7 +3300,10 @@ PHP_FUNCTION(openssl_cms_encrypt)
32873300
goto clean_exit;
32883301
}
32893302
}
3290-
sk_X509_push(recipcerts, cert);
3303+
if (sk_X509_push(recipcerts, cert) <= 0) {
3304+
php_openssl_store_errors();
3305+
goto clean_exit;
3306+
}
32913307
}
32923308

32933309
/* sanity check the cipher */

ext/openssl/openssl_backend_common.c

Lines changed: 19 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -692,29 +692,25 @@ STACK_OF(X509) *php_openssl_load_all_certs_from_file(
692692
X509_INFO *xi;
693693
char cert_path[MAXPATHLEN];
694694

695-
if(!(stack = sk_X509_new_null())) {
696-
php_openssl_store_errors();
697-
php_error_docref(NULL, E_ERROR, "Memory allocation failure");
698-
goto end;
699-
}
700-
701695
if (!php_openssl_check_path(cert_file, cert_file_len, cert_path, arg_num)) {
702-
sk_X509_free(stack);
703696
goto end;
704697
}
705698

706699
if (!(in = BIO_new_file(cert_path, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY)))) {
707700
php_openssl_store_errors();
708701
php_error_docref(NULL, E_WARNING, "Error opening the file, %s", cert_path);
709-
sk_X509_free(stack);
710702
goto end;
711703
}
712704

713705
/* This loads from a file, a stack of x509/crl/pkey sets */
714706
if (!(sk = php_openssl_pem_read_bio_x509_info(in))) {
715707
php_openssl_store_errors();
716708
php_error_docref(NULL, E_WARNING, "Error reading the file, %s", cert_path);
717-
sk_X509_free(stack);
709+
goto end;
710+
}
711+
712+
if(!(stack = sk_X509_new_reserve(NULL, sk_X509_INFO_num(sk)))) {
713+
php_openssl_store_errors();
718714
goto end;
719715
}
720716

@@ -886,7 +882,10 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
886882
}
887883

888884
}
889-
sk_X509_push(sk, cert);
885+
if (sk_X509_push(sk, cert) <= 0) {
886+
X509_free(cert);
887+
goto push_fail_exit;
888+
}
890889
} ZEND_HASH_FOREACH_END();
891890
} else {
892891
/* a single certificate */
@@ -904,11 +903,20 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
904903
goto clean_exit;
905904
}
906905
}
907-
sk_X509_push(sk, cert);
906+
if (sk_X509_push(sk, cert) <= 0) {
907+
X509_free(cert);
908+
goto push_fail_exit;
909+
}
908910
}
909911

910912
clean_exit:
911913
return sk;
914+
915+
push_fail_exit:
916+
php_openssl_store_errors();
917+
php_openssl_sk_X509_free(sk);
918+
sk = NULL;
919+
goto clean_exit;
912920
}
913921

914922
zend_result php_openssl_csr_add_subj_entry(zval *item, X509_NAME *subj, int nid)

0 commit comments

Comments
 (0)