Skip to content

Commit 513f129

Browse files
ndosschendossche
committed
Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4: Fix crash in php_openssl_create_sni_server_ctx() when SSL_CTX_new() fails Fix crash in openssl_pkcs12_read() when BIO_new() fails Fix crash in openssl_pkey_export() when BIO_new() fails Fix crash in openssl_digest() when EVP_MD_CTX_create() fails
2 parents f75ad03 + 1ef9aa7 commit 513f129

File tree

2 files changed

+14
-4
lines changed

2 files changed

+14
-4
lines changed

ext/openssl/openssl.c

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1508,7 +1508,7 @@ PHP_FUNCTION(openssl_pkcs12_read)
15081508

15091509
if (cert) {
15101510
bio_out = BIO_new(BIO_s_mem());
1511-
if (PEM_write_bio_X509(bio_out, cert)) {
1511+
if (bio_out && PEM_write_bio_X509(bio_out, cert)) {
15121512
BUF_MEM *bio_buf;
15131513
BIO_get_mem_ptr(bio_out, &bio_buf);
15141514
ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
@@ -1521,7 +1521,7 @@ PHP_FUNCTION(openssl_pkcs12_read)
15211521

15221522
if (pkey) {
15231523
bio_out = BIO_new(BIO_s_mem());
1524-
if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) {
1524+
if (bio_out && PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) {
15251525
BUF_MEM *bio_buf;
15261526
BIO_get_mem_ptr(bio_out, &bio_buf);
15271527
ZVAL_STRINGL(&zpkey, bio_buf->data, bio_buf->length);
@@ -1542,7 +1542,7 @@ PHP_FUNCTION(openssl_pkcs12_read)
15421542
if (!aCA) break;
15431543

15441544
bio_out = BIO_new(BIO_s_mem());
1545-
if (PEM_write_bio_X509(bio_out, aCA)) {
1545+
if (bio_out && PEM_write_bio_X509(bio_out, aCA)) {
15461546
BUF_MEM *bio_buf;
15471547
BIO_get_mem_ptr(bio_out, &bio_buf);
15481548
ZVAL_STRINGL(&zextracert, bio_buf->data, bio_buf->length);
@@ -2206,6 +2206,10 @@ PHP_FUNCTION(openssl_pkey_export)
22062206

22072207
if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {
22082208
bio_out = BIO_new(BIO_s_mem());
2209+
if (!bio_out) {
2210+
php_openssl_store_errors();
2211+
goto cleanup;
2212+
}
22092213

22102214
if (passphrase && req.priv_key_encrypt) {
22112215
if (req.priv_key_encrypt_cipher) {
@@ -2234,6 +2238,7 @@ PHP_FUNCTION(openssl_pkey_export)
22342238
php_openssl_store_errors();
22352239
}
22362240
}
2241+
cleanup:
22372242
EVP_PKEY_free(key);
22382243
BIO_free(bio_out);
22392244
PHP_SSL_REQ_DISPOSE(&req);
@@ -4492,7 +4497,8 @@ PHP_FUNCTION(openssl_digest)
44924497
sigbuf = zend_string_alloc(siglen, 0);
44934498

44944499
md_ctx = EVP_MD_CTX_create();
4495-
if (EVP_DigestInit(md_ctx, mdtype) &&
4500+
if (md_ctx &&
4501+
EVP_DigestInit(md_ctx, mdtype) &&
44964502
EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) &&
44974503
EVP_DigestFinal (md_ctx, (unsigned char *)ZSTR_VAL(sigbuf), &siglen)) {
44984504
if (raw_output) {

ext/openssl/xp_ssl.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1303,6 +1303,10 @@ static SSL_CTX *php_openssl_create_sni_server_ctx(char *cert_path, char *key_pat
13031303
/* The hello method is not inherited by SSL structs when assigning a new context
13041304
* inside the SNI callback, so the just use SSLv23 */
13051305
SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
1306+
if (!ctx) {
1307+
php_error_docref(NULL, E_WARNING, "Failed to create the SSL context");
1308+
return NULL;
1309+
}
13061310

13071311
if (SSL_CTX_use_certificate_chain_file(ctx, cert_path) != 1) {
13081312
php_error_docref(NULL, E_WARNING,

0 commit comments

Comments
 (0)