Merge branch 'PHP-8.4' into PHP-8.5

ndossche · ndossche · commit e8a274e3dddb · 2026-02-17T21:46:49.000+01:00
* PHP-8.4: Update NEWS for OpenSSL changes Fix memory leaks in openssl_cms_encrypt() when push fails Fix memory leaks in openssl_pkcs7_encrypt() when push fails Fix missing error propagation when php_array_to_X509_sk() fails Fix memory leaks in php_array_to_X509_sk() when push fails Fix memory leak in php_openssl_load_all_certs_from_file() when push fails Closes GH-20986.
diff --git a/NEWS b/NEWS
@@ -38,6 +38,9 @@ PHP                                                                        NEWS
   . Fixed bug GH-21227 (Borked SCCP of array containing partial object).
     (ilutov)
 
+ OpenSSL:
+  . Fix a bunch of leaks and error propagation. (ndossche)
+
 - Windows:
   . Fixed compilation with clang (missing intrin.h include). (Kévin Dunglas)
 
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -1272,8 +1272,6 @@ PHP_FUNCTION(openssl_x509_free)
 }
 /* }}} */
 
-/* }}} */
-
 /* {{{ Creates and exports a PKCS to file */
 PHP_FUNCTION(openssl_pkcs12_export_to_file)
 {
@@ -1339,6 +1337,9 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
 
 	if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
 		ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");
+		if (!ca) {
+			goto cleanup;
+		}
 	}
 	/* end parse extra config */
 
@@ -1432,6 +1433,9 @@ PHP_FUNCTION(openssl_pkcs12_export)
 
 	if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
 		ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");
+		if (!ca) {
+			goto cleanup;
+		}
 	}
 	/* end parse extra config */
 
@@ -2651,7 +2655,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
 					goto clean_exit;
 				}
 			}
-			sk_X509_push(recipcerts, cert);
+			if (sk_X509_push(recipcerts, cert) <= 0) {
+				X509_free(cert);
+				goto clean_exit;
+			}
 		} ZEND_HASH_FOREACH_END();
 	} else {
 		/* a single certificate */
@@ -2672,7 +2679,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
 				goto clean_exit;
 			}
 		}
-		sk_X509_push(recipcerts, cert);
+		if (sk_X509_push(recipcerts, cert) <= 0) {
+			X509_free(cert);
+			goto clean_exit;
+		}
 	}
 
 	/* sanity check the cipher */
@@ -3267,7 +3277,10 @@ PHP_FUNCTION(openssl_cms_encrypt)
 					goto clean_exit;
 				}
 			}
-			sk_X509_push(recipcerts, cert);
+			if (sk_X509_push(recipcerts, cert) <= 0) {
+				php_openssl_store_errors();
+				goto clean_exit;
+			}
 		} ZEND_HASH_FOREACH_END();
 	} else {
 		/* a single certificate */
@@ -3287,7 +3300,10 @@ PHP_FUNCTION(openssl_cms_encrypt)
 				goto clean_exit;
 			}
 		}
-		sk_X509_push(recipcerts, cert);
+		if (sk_X509_push(recipcerts, cert) <= 0) {
+			php_openssl_store_errors();
+			goto clean_exit;
+		}
 	}
 
 	/* sanity check the cipher */
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
@@ -692,29 +692,25 @@ STACK_OF(X509) *php_openssl_load_all_certs_from_file(
 	X509_INFO *xi;
 	char cert_path[MAXPATHLEN];
 
-	if(!(stack = sk_X509_new_null())) {
-		php_openssl_store_errors();
-		php_error_docref(NULL, E_ERROR, "Memory allocation failure");
-		goto end;
-	}
-
 	if (!php_openssl_check_path(cert_file, cert_file_len, cert_path, arg_num)) {
-		sk_X509_free(stack);
 		goto end;
 	}
 
 	if (!(in = BIO_new_file(cert_path, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY)))) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Error opening the file, %s", cert_path);
-		sk_X509_free(stack);
 		goto end;
 	}
 
 	/* This loads from a file, a stack of x509/crl/pkey sets */
 	if (!(sk = php_openssl_pem_read_bio_x509_info(in))) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Error reading the file, %s", cert_path);
-		sk_X509_free(stack);
+		goto end;
+	}
+
+	if(!(stack = sk_X509_new_reserve(NULL, sk_X509_INFO_num(sk)))) {
+		php_openssl_store_errors();
 		goto end;
 	}
 
@@ -886,7 +882,10 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
 				}
 
 			}
-			sk_X509_push(sk, cert);
+			if (sk_X509_push(sk, cert) <= 0) {
+				X509_free(cert);
+				goto push_fail_exit;
+			}
 		} ZEND_HASH_FOREACH_END();
 	} else {
 		/* a single certificate */
@@ -904,11 +903,20 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
 				goto clean_exit;
 			}
 		}
-		sk_X509_push(sk, cert);
+		if (sk_X509_push(sk, cert) <= 0) {
+			X509_free(cert);
+			goto push_fail_exit;
+		}
 	}
 
 clean_exit:
 	return sk;
+
+push_fail_exit:
+	php_openssl_store_errors();
+	php_openssl_sk_X509_free(sk);
+	sk = NULL;
+	goto clean_exit;
 }
 
 zend_result php_openssl_csr_add_subj_entry(zval *item, X509_NAME *subj, int nid)

Original file line number	Diff line number	Diff line change
`@@ -1272,8 +1272,6 @@ PHP_FUNCTION(openssl_x509_free)`
`1272`	`1272`	`}`
`1273`	`1273`	`/* }}} */`
`1274`	`1274`
`1275`		`-/* }}} */`
`1276`		`-`
`1277`	`1275`	`/* {{{ Creates and exports a PKCS to file */`
`1278`	`1276`	`PHP_FUNCTION(openssl_pkcs12_export_to_file)`
`1279`	`1277`	`{`
`@@ -1339,6 +1337,9 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)`
`1339`	`1337`
`1340`	`1338`	`if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {`
`1341`	`1339`	`ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");`
	`1340`	`+ if (!ca) {`
	`1341`	`+ goto cleanup;`
	`1342`	`+ }`
`1342`	`1343`	`}`
`1343`	`1344`	`/* end parse extra config */`
`1344`	`1345`
`@@ -1432,6 +1433,9 @@ PHP_FUNCTION(openssl_pkcs12_export)`
`1432`	`1433`
`1433`	`1434`	`if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {`
`1434`	`1435`	`ca = php_openssl_array_to_X509_sk(item, 5, "extracerts");`
	`1436`	`+ if (!ca) {`
	`1437`	`+ goto cleanup;`
	`1438`	`+ }`
`1435`	`1439`	`}`
`1436`	`1440`	`/* end parse extra config */`
`1437`	`1441`
`@@ -2651,7 +2655,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)`
`2651`	`2655`	`goto clean_exit;`
`2652`	`2656`	`}`
`2653`	`2657`	`}`
`2654`		`- sk_X509_push(recipcerts, cert);`
	`2658`	`+ if (sk_X509_push(recipcerts, cert) <= 0) {`
	`2659`	`+ X509_free(cert);`
	`2660`	`+ goto clean_exit;`
	`2661`	`+ }`
`2655`	`2662`	`} ZEND_HASH_FOREACH_END();`
`2656`	`2663`	`} else {`
`2657`	`2664`	`/* a single certificate */`
`@@ -2672,7 +2679,10 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)`
`2672`	`2679`	`goto clean_exit;`
`2673`	`2680`	`}`
`2674`	`2681`	`}`
`2675`		`- sk_X509_push(recipcerts, cert);`
	`2682`	`+ if (sk_X509_push(recipcerts, cert) <= 0) {`
	`2683`	`+ X509_free(cert);`
	`2684`	`+ goto clean_exit;`
	`2685`	`+ }`
`2676`	`2686`	`}`
`2677`	`2687`
`2678`	`2688`	`/* sanity check the cipher */`
`@@ -3267,7 +3277,10 @@ PHP_FUNCTION(openssl_cms_encrypt)`
`3267`	`3277`	`goto clean_exit;`
`3268`	`3278`	`}`
`3269`	`3279`	`}`
`3270`		`- sk_X509_push(recipcerts, cert);`
	`3280`	`+ if (sk_X509_push(recipcerts, cert) <= 0) {`
	`3281`	`+ php_openssl_store_errors();`
	`3282`	`+ goto clean_exit;`
	`3283`	`+ }`
`3271`	`3284`	`} ZEND_HASH_FOREACH_END();`
`3272`	`3285`	`} else {`
`3273`	`3286`	`/* a single certificate */`
`@@ -3287,7 +3300,10 @@ PHP_FUNCTION(openssl_cms_encrypt)`
`3287`	`3300`	`goto clean_exit;`
`3288`	`3301`	`}`
`3289`	`3302`	`}`
`3290`		`- sk_X509_push(recipcerts, cert);`
	`3303`	`+ if (sk_X509_push(recipcerts, cert) <= 0) {`
	`3304`	`+ php_openssl_store_errors();`
	`3305`	`+ goto clean_exit;`
	`3306`	`+ }`
`3291`	`3307`	`}`
`3292`	`3308`
`3293`	`3309`	`/* sanity check the cipher */`