openssl: Propagate PHP_OPENSSL_ASN1_INTEGER_set() failure

ndossche · ndossche · commit cea48b4781fc · 2026-04-04T10:25:16.000+02:00
If this is not propagated, then the function will succeed even though
the serial number is not set.
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -3373,7 +3373,11 @@ PHP_FUNCTION(openssl_csr_sign)
 			goto cleanup;
 		}
 	} else {
-		PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial);
+		if (!PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial)) {
+			php_openssl_store_errors();
+			php_error_docref(NULL, E_WARNING, "Error setting serial number");
+			goto cleanup;
+		}
 	}
 
 	if (!X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr))) {

Original file line number	Diff line number	Diff line change
`@@ -3373,7 +3373,11 @@ PHP_FUNCTION(openssl_csr_sign)`
`3373`	`3373`	`goto cleanup;`
`3374`	`3374`	`}`
`3375`	`3375`	`} else {`
`3376`		`- PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial);`
	`3376`	`+ if (!PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial)) {`
	`3377`	`+ php_openssl_store_errors();`
	`3378`	`+ php_error_docref(NULL, E_WARNING, "Error setting serial number");`
	`3379`	`+ goto cleanup;`
	`3380`	`+ }`
`3377`	`3381`	`}`
`3378`	`3382`
`3379`	`3383`	`if (!X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr))) {`