Skip to content

Commit 5405e2b

Browse files
ndosschendossche
committed
Merge branch 'PHP-8.5'
* PHP-8.5: Fix crash in php_openssl_create_sni_server_ctx() when SSL_CTX_new() fails Fix crash in openssl_pkcs12_read() when BIO_new() fails Fix crash in openssl_pkey_export() when BIO_new() fails Fix crash in openssl_digest() when EVP_MD_CTX_create() fails
2 parents e7558a3 + 513f129 commit 5405e2b

File tree

2 files changed

+12
-2
lines changed

2 files changed

+12
-2
lines changed

ext/openssl/openssl.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1518,7 +1518,7 @@ PHP_FUNCTION(openssl_pkcs12_read)
15181518

15191519
if (cert) {
15201520
bio_out = BIO_new(BIO_s_mem());
1521-
if (PEM_write_bio_X509(bio_out, cert)) {
1521+
if (bio_out && PEM_write_bio_X509(bio_out, cert)) {
15221522
BUF_MEM *bio_buf;
15231523
BIO_get_mem_ptr(bio_out, &bio_buf);
15241524
ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
@@ -2224,6 +2224,10 @@ PHP_FUNCTION(openssl_pkey_export)
22242224

22252225
if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) {
22262226
bio_out = BIO_new(BIO_s_mem());
2227+
if (!bio_out) {
2228+
php_openssl_store_errors();
2229+
goto cleanup;
2230+
}
22272231

22282232
if (passphrase && req.priv_key_encrypt) {
22292233
if (req.priv_key_encrypt_cipher) {
@@ -2252,6 +2256,7 @@ PHP_FUNCTION(openssl_pkey_export)
22522256
php_openssl_store_errors();
22532257
}
22542258
}
2259+
cleanup:
22552260
EVP_PKEY_free(key);
22562261
BIO_free(bio_out);
22572262
PHP_SSL_REQ_DISPOSE(&req);
@@ -4524,7 +4529,8 @@ PHP_FUNCTION(openssl_digest)
45244529
sigbuf = zend_string_alloc(siglen, 0);
45254530

45264531
md_ctx = EVP_MD_CTX_create();
4527-
if (EVP_DigestInit(md_ctx, mdtype) &&
4532+
if (md_ctx &&
4533+
EVP_DigestInit(md_ctx, mdtype) &&
45284534
EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) &&
45294535
EVP_DigestFinal (md_ctx, (unsigned char *)ZSTR_VAL(sigbuf), &siglen)) {
45304536
if (raw_output) {

ext/openssl/xp_ssl.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1303,6 +1303,10 @@ static SSL_CTX *php_openssl_create_sni_server_ctx(char *cert_path, char *key_pat
13031303
/* The hello method is not inherited by SSL structs when assigning a new context
13041304
* inside the SNI callback, so the just use SSLv23 */
13051305
SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
1306+
if (!ctx) {
1307+
php_error_docref(NULL, E_WARNING, "Failed to create the SSL context");
1308+
return NULL;
1309+
}
13061310

13071311
if (SSL_CTX_use_certificate_chain_file(ctx, cert_path) != 1) {
13081312
php_error_docref(NULL, E_WARNING,

0 commit comments

Comments
 (0)