openssl: fix memory leaks when session callback returns wrong type (php#21966)

ndossche · web-flow · commit b5c17e76a29a · 2026-06-02T22:37:21.000+02:00
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
@@ -2051,13 +2051,12 @@ static SSL_SESSION *php_openssl_session_get_cb(SSL *ssl, const unsigned char *se
 				SSL_SESSION_up_ref(obj->session);
 				session = obj->session;
 			}
-			zval_ptr_dtor(&retval);
 		} else if (Z_TYPE(retval) != IS_NULL) {
 			zend_type_error("session_get_cb return type must be null or OpenSSLSession");
-			return NULL;
 		}
 	}
 
+	zval_ptr_dtor(&retval);
 	zval_ptr_dtor(&args[1]);
 
 	*copy = 0;

Original file line number	Diff line number	Diff line change
`@@ -2051,13 +2051,12 @@ static SSL_SESSION php_openssl_session_get_cb(SSL ssl, const unsigned char *se`
`2051`	`2051`	`SSL_SESSION_up_ref(obj->session);`
`2052`	`2052`	`session = obj->session;`
`2053`	`2053`	`}`
`2054`		`- zval_ptr_dtor(&retval);`
`2055`	`2054`	`} else if (Z_TYPE(retval) != IS_NULL) {`
`2056`	`2055`	`zend_type_error("session_get_cb return type must be null or OpenSSLSession");`
`2057`		`- return NULL;`
`2058`	`2056`	`}`
`2059`	`2057`	`}`
`2060`	`2058`
	`2059`	`+ zval_ptr_dtor(&retval);`
`2061`	`2060`	`zval_ptr_dtor(&args[1]);`
`2062`	`2061`
`2063`	`2062`	`*copy = 0;`