
Commit f92d54b

committed
openssl: Fix missing error propagation for BIO_printf() calls
Since these go through a file, this can fail. For some of these, the error is already checked but not propagated to userland, causing a "true" return value but an incomplete file. For others, the error is not checked and can also lead to an incomplete file. Solve this by always propagating failure, especially as the other write calls are already checked for failure. Closes GH-21360.
1 parent 9ec303e commit f92d54b


2 files changed

+17
-4
lines changed


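--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,7 @@ PHP NEWS
 - OpenSSL:
 . Fixed bug GH-21083 (Skip private_key_bits validation for EC/curve-based
 keys). (iliaal)
+. Fix missing error propagation for BIO_printf() calls. (ndossche)
 
 - PCRE:
 . Fixed re-entrancy issue on php_pcre_match_impl, php_pcre_replace_impl,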

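--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -5900,16 +5900,21 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
 /* tack on extra headers */
 if (zheaders) {
 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(zheaders), strindex, zcertval) {
+int ret;
 zend_string *str = zval_try_get_string(zcertval);
 if (UNEXPECTED(!str)) {
 goto clean_exit;
 }
 if (strindex) {
-BIO_printf(outfile, "%s: %s\n", ZSTR_VAL(strindex), ZSTR_VAL(str));
+ret = BIO_printf(outfile, "%s: %s\n", ZSTR_VAL(strindex), ZSTR_VAL(str));
 } else {
-BIO_printf(outfile, "%s\n", ZSTR_VAL(str));
+ret = BIO_printf(outfile, "%s\n", ZSTR_VAL(str));
 }
 zend_string_release(str);
+if (ret < 0) {
+php_openssl_store_errors();
+goto clean_exit;
+}
 } ZEND_HASH_FOREACH_END();
 }
 
@@ -6128,6 +6133,7 @@ PHP_FUNCTION(openssl_pkcs7_sign)
 zend_string_release(str);
 if (ret < 0) {
 php_openssl_store_errors();
+goto clean_exit;
 }
 } ZEND_HASH_FOREACH_END();
 }
@@ -6518,16 +6524,21 @@ PHP_FUNCTION(openssl_cms_encrypt)
 /* tack on extra headers */
 if (zheaders && encoding == ENCODING_SMIME) {
 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(zheaders), strindex, zcertval) {
+int ret;
 zend_string *str = zval_try_get_string(zcertval);
 if (UNEXPECTED(!str)) {
 goto clean_exit;
 }
 if (strindex) {
-BIO_printf(outfile, "%s: %s\n", ZSTR_VAL(strindex), ZSTR_VAL(str));
+ret = BIO_printf(outfile, "%s: %s\n", ZSTR_VAL(strindex), ZSTR_VAL(str));
 } else {
-BIO_printf(outfile, "%s\n", ZSTR_VAL(str));
+ret = BIO_printf(outfile, "%s\n", ZSTR_VAL(str));
 }
 zend_string_release(str);
+if (ret < 0) {
+php_openssl_store_errors();
+goto clean_exit;
+}
 } ZEND_HASH_FOREACH_END();
 }
 
@@ -6807,6 +6818,7 @@ PHP_FUNCTION(openssl_cms_sign)
 zend_string_release(str);
 if (ret < 0) {
 php_openssl_store_errors();
+goto clean_exit;
 }
 } ZEND_HASH_FOREACH_END();
 }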
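Review bot: The header names and values taken from `zheaders` are still written verbatim by the `BIO_printf(outfile, "%s: %s\n", ...)` and `BIO_printf(outfile, "%s\n", ...)` calls in the openssl_pkcs7_encrypt hunk, and identically in the openssl_cms_encrypt hunk, so a value containing CR or LF adds extra header lines or ends the header block early, and `%s` stops at an embedded NUL even though the zend_string may be longer. Now that the loop has a failure path, it is the natural place to reject such input before writing, e.g. `if (memchr(ZSTR_VAL(str), '\n', ZSTR_LEN(str)) || memchr(ZSTR_VAL(str), '\r', ZSTR_LEN(str))) { zend_string_release(str); goto clean_exit; }`, with the same test applied to `strindex`. Whether callers are expected to sanitise the array themselves is not visible here, so at minimum a comment such as `/* header lines are written unescaped; callers must not pass CR/LF */` above the loop would document the contract. The enclosing PHP_FUNCTION bodies, including the `clean_exit` label, start and end outside the hunks, so I cannot tell whether a partially written output file is removed on the new failure path.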
