diff options
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/openssl/openssl.c | 52 |
2 files changed, 29 insertions, 27 deletions
@@ -19,8 +19,8 @@ PHP NEWS . Fixed bug #75301 (Exif extension has built in revision version). (Peter Kokot) -- Openssl: - . Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob) +- OpenSSL: + . Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob, Jakub Zelenka) - Zlib: . Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add). (Fabien diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 9784ac49a7..9b8a2fc968 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1646,7 +1646,6 @@ PHP_FUNCTION(openssl_x509_export_to_file) zval * zcert; zend_bool notext = 1; BIO * bio_out; - zend_resource *certresource; char * filename; size_t filename_len; @@ -1655,7 +1654,7 @@ PHP_FUNCTION(openssl_x509_export_to_file) } RETVAL_FALSE; - cert = php_openssl_x509_from_zval(zcert, 0, &certresource); + cert = php_openssl_x509_from_zval(zcert, 0, NULL); if (cert == NULL) { php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1"); return; @@ -1676,7 +1675,7 @@ PHP_FUNCTION(openssl_x509_export_to_file) } else { php_error_docref(NULL, E_WARNING, "error opening file %s", filename); } - if (certresource == NULL && cert) { + if (Z_TYPE_P(zcert) != IS_RESOURCE) { X509_free(cert); } BIO_free(bio_out); @@ -1968,14 +1967,13 @@ PHP_FUNCTION(openssl_x509_export) zval * zcert, *zout; zend_bool notext = 1; BIO * bio_out; - zend_resource *certresource; if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz/|b", &zcert, &zout, ¬ext) == FAILURE) { return; } RETVAL_FALSE; - cert = php_openssl_x509_from_zval(zcert, 0, &certresource); + cert = php_openssl_x509_from_zval(zcert, 0, NULL); if (cert == NULL) { php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1"); return; @@ -1995,7 +1993,7 @@ PHP_FUNCTION(openssl_x509_export) RETVAL_TRUE; } - if (certresource == NULL && cert) { + if (Z_TYPE_P(zcert) != IS_RESOURCE) { X509_free(cert); } BIO_free(bio_out); @@ -2032,7 +2030,6 @@ PHP_FUNCTION(openssl_x509_fingerprint) { X509 *cert; zval *zcert; - zend_resource *certresource; zend_bool raw_output = 0; char *method = "sha1"; size_t method_len; @@ -2042,7 +2039,7 @@ PHP_FUNCTION(openssl_x509_fingerprint) return; } - cert = php_openssl_x509_from_zval(zcert, 0, &certresource); + cert = php_openssl_x509_from_zval(zcert, 0, NULL); if (cert == NULL) { php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1"); RETURN_FALSE; @@ -2055,7 +2052,7 @@ PHP_FUNCTION(openssl_x509_fingerprint) RETVAL_FALSE; } - if (certresource == NULL && cert) { + if (Z_TYPE_P(zcert) != IS_RESOURCE) { X509_free(cert); } } @@ -2067,14 +2064,14 @@ PHP_FUNCTION(openssl_x509_check_private_key) zval * zcert, *zkey; X509 * cert = NULL; EVP_PKEY * key = NULL; - zend_resource *certresource = NULL, *keyresource = NULL; + zend_resource *keyresource = NULL; RETVAL_FALSE; if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz", &zcert, &zkey) == FAILURE) { return; } - cert = php_openssl_x509_from_zval(zcert, 0, &certresource); + cert = php_openssl_x509_from_zval(zcert, 0, NULL); if (cert == NULL) { RETURN_FALSE; } @@ -2086,7 +2083,7 @@ PHP_FUNCTION(openssl_x509_check_private_key) if (keyresource == NULL && key) { EVP_PKEY_free(key); } - if (certresource == NULL && cert) { + if (Z_TYPE_P(zcert) != IS_RESOURCE) { X509_free(cert); } } @@ -2298,6 +2295,9 @@ PHP_FUNCTION(openssl_x509_parse) } else { zval_dtor(return_value); BIO_free(bio_out); + if (Z_TYPE_P(zcert) != IS_RESOURCE) { + X509_free(cert); + } RETURN_FALSE; } } @@ -2310,6 +2310,9 @@ PHP_FUNCTION(openssl_x509_parse) BIO_free(bio_out); } add_assoc_zval(return_value, "extensions", &subitem); + if (Z_TYPE_P(zcert) != IS_RESOURCE) { + X509_free(cert); + } } /* }}} */ @@ -2396,7 +2399,6 @@ PHP_FUNCTION(openssl_x509_checkpurpose) zval * zcert, * zcainfo = NULL; X509_STORE * cainfo = NULL; X509 * cert = NULL; - zend_resource *certresource = NULL; STACK_OF(X509) * untrustedchain = NULL; zend_long purpose; char * untrusted = NULL; @@ -2420,7 +2422,7 @@ PHP_FUNCTION(openssl_x509_checkpurpose) if (cainfo == NULL) { goto clean_exit; } - cert = php_openssl_x509_from_zval(zcert, 0, &certresource); + cert = php_openssl_x509_from_zval(zcert, 0, NULL); if (cert == NULL) { goto clean_exit; } @@ -2431,11 +2433,10 @@ PHP_FUNCTION(openssl_x509_checkpurpose) } else { RETVAL_BOOL(ret); } - -clean_exit: - if (certresource == NULL && cert) { + if (Z_TYPE_P(zcert) != IS_RESOURCE) { X509_free(cert); } +clean_exit: if (cainfo) { X509_STORE_free(cainfo); } @@ -2622,7 +2623,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file) size_t pass_len; zval *zcert = NULL, *zpkey = NULL, *args = NULL; EVP_PKEY *priv_key = NULL; - zend_resource *certresource, *keyresource; + zend_resource *keyresource; zval * item; STACK_OF(X509) *ca = NULL; @@ -2631,7 +2632,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file) RETVAL_FALSE; - cert = php_openssl_x509_from_zval(zcert, 0, &certresource); + cert = php_openssl_x509_from_zval(zcert, 0, NULL); if (cert == NULL) { php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1"); return; @@ -2641,7 +2642,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file) php_error_docref(NULL, E_WARNING, "cannot get private key from parameter 3"); goto cleanup; } - if (cert && !X509_check_private_key(cert, priv_key)) { + if (!X509_check_private_key(cert, priv_key)) { php_error_docref(NULL, E_WARNING, "private key does not correspond to cert"); goto cleanup; } @@ -2685,7 +2686,8 @@ cleanup: if (keyresource == NULL && priv_key) { EVP_PKEY_free(priv_key); } - if (certresource == NULL && cert) { + + if (Z_TYPE_P(zcert) != IS_RESOURCE) { X509_free(cert); } } @@ -2700,7 +2702,7 @@ PHP_FUNCTION(openssl_pkcs12_export) PKCS12 * p12 = NULL; zval * zcert = NULL, *zout = NULL, *zpkey, *args = NULL; EVP_PKEY *priv_key = NULL; - zend_resource *certresource, *keyresource; + zend_resource *keyresource; char * pass; size_t pass_len; char * friendly_name = NULL; @@ -2712,7 +2714,7 @@ PHP_FUNCTION(openssl_pkcs12_export) RETVAL_FALSE; - cert = php_openssl_x509_from_zval(zcert, 0, &certresource); + cert = php_openssl_x509_from_zval(zcert, 0, NULL); if (cert == NULL) { php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1"); return; @@ -2722,7 +2724,7 @@ PHP_FUNCTION(openssl_pkcs12_export) php_error_docref(NULL, E_WARNING, "cannot get private key from parameter 3"); goto cleanup; } - if (cert && !X509_check_private_key(cert, priv_key)) { + if (!X509_check_private_key(cert, priv_key)) { php_error_docref(NULL, E_WARNING, "private key does not correspond to cert"); goto cleanup; } @@ -2757,7 +2759,7 @@ cleanup: if (keyresource == NULL && priv_key) { EVP_PKEY_free(priv_key); } - if (certresource == NULL && cert) { + if (Z_TYPE_P(zcert) != IS_RESOURCE) { X509_free(cert); } } |