Skip to content

Commit 3199500

Browse files
committed
Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4: Add missing error check on SSL_set_ex_data() Fix UB and error propagation when X509_gmtime_adj() fails Fix memory leaks when BN_bin2bn() fails Add missing error check on BN_CTX_new()
2 parents e6e4d05 + f81a9a2 commit 3199500

3 files changed

Lines changed: 18 additions & 6 deletions

File tree

ext/openssl/openssl.c

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1816,8 +1816,11 @@ PHP_FUNCTION(openssl_csr_sign)
18161816
php_openssl_store_errors();
18171817
goto cleanup;
18181818
}
1819-
X509_gmtime_adj(X509_getm_notBefore(new_cert), 0);
1820-
X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*num_days);
1819+
if (!X509_gmtime_adj(X509_getm_notBefore(new_cert), 0)
1820+
|| !X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*num_days)) {
1821+
php_openssl_store_errors();
1822+
goto cleanup;
1823+
}
18211824
i = X509_set_pubkey(new_cert, key);
18221825
if (!i) {
18231826
php_openssl_store_errors();

ext/openssl/openssl_backend_v1.c

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -140,7 +140,14 @@ static bool php_openssl_pkey_init_dsa_data(DSA *dsa, zval *data, bool *is_privat
140140
OPENSSL_PKEY_SET_BN(data, p);
141141
OPENSSL_PKEY_SET_BN(data, q);
142142
OPENSSL_PKEY_SET_BN(data, g);
143-
if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) {
143+
if (!p || !q || !g) {
144+
BN_free(p);
145+
BN_free(q);
146+
BN_free(g);
147+
return 0;
148+
}
149+
150+
if (!DSA_set0_pqg(dsa, p, q, g)) {
144151
return 0;
145152
}
146153

@@ -270,6 +277,9 @@ static bool php_openssl_pkey_init_ec_data(EC_KEY *eckey, zval *data, bool *is_pr
270277
EC_POINT *point_q = NULL;
271278
EC_GROUP *group = NULL;
272279
BN_CTX *bctx = BN_CTX_new();
280+
if (!bctx) {
281+
goto clean_exit;
282+
}
273283

274284
*is_private = false;
275285

ext/openssl/xp_ssl.c

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1691,7 +1691,8 @@ static zend_result php_openssl_setup_crypto(php_stream *stream,
16911691

16921692
sslsock->ssl_handle = SSL_new(sslsock->ctx);
16931693

1694-
if (sslsock->ssl_handle == NULL) {
1694+
if (sslsock->ssl_handle == NULL
1695+
|| !SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream)) {
16951696
php_error_docref(NULL, E_WARNING, "SSL handle creation failure");
16961697
SSL_CTX_free(sslsock->ctx);
16971698
sslsock->ctx = NULL;
@@ -1702,8 +1703,6 @@ static zend_result php_openssl_setup_crypto(php_stream *stream,
17021703
}
17031704
#endif
17041705
return FAILURE;
1705-
} else {
1706-
SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream);
17071706
}
17081707

17091708
if (!SSL_set_fd(sslsock->ssl_handle, sslsock->s.socket)) {

0 commit comments

Comments
 (0)