From 68338db7539555d82b181e4aeb0c5c7359a97abf Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Wed, 21 May 2025 19:26:15 +0100
Subject: [PATCH 1/2] Fix GH-18617: socket_import_file_descriptor return check. to_zval_read_fd_array() helper when retrieving the socket protocol did not check it.
---
 ext/sockets/conversions.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ext/sockets/conversions.c b/ext/sockets/conversions.c
index 4059758f4471..dc0ac022460d 100644
--- a/ext/sockets/conversions.c
+++ b/ext/sockets/conversions.c
@@ -1457,7 +1457,10 @@ void to_zval_read_fd_array(const char *data, zval *zv, res_context *ctx)
 object_init_ex(&elem, socket_ce);
 php_socket *sock = Z_SOCKET_P(&elem);

- socket_import_file_descriptor(fd, sock);
+ if (!socket_import_file_descriptor(fd, sock)) {
+ do_to_zval_err(ctx, "error getting protocol descriptor %d: getsockopt() call failed with errno %d", fd, errno);
+ return;
+ }
 } else {
 php_stream *stream = php_stream_fopen_from_fd(fd, "rw", NULL);
 php_stream_to_zval(stream, &elem);
From 4d35405728572f7cf4c5938844e3400799f72832 Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Wed, 21 May 2025 21:01:48 +0100
Subject: [PATCH 2/2] free mem leak
---
 ext/sockets/conversions.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ext/sockets/conversions.c b/ext/sockets/conversions.c
index dc0ac022460d..d03ef8ef68d5 100644
--- a/ext/sockets/conversions.c
+++ b/ext/sockets/conversions.c
@@ -1459,6 +1459,7 @@ void to_zval_read_fd_array(const char *data, zval *zv, res_context *ctx)

 if (!socket_import_file_descriptor(fd, sock)) {
 do_to_zval_err(ctx, "error getting protocol descriptor %d: getsockopt() call failed with errno %d", fd, errno);
+ zval_ptr_dtor(&elem);
 return;
 }
 } else {
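Review bot: In the first patch's hunk (`@@ -1457,7 +1457,10 @@`), the `do_to_zval_err()` message blames getsockopt() and prints `errno` after `socket_import_file_descriptor()` has already returned, but the hunk does not show which call inside the helper failed or whether the helper leaves `errno` untouched on its way out. If the helper makes more than one system call, or emits its own warning before returning, the reported cause and number can mislead whoever triages a failed descriptor import. A neutral message avoids that, e.g. `do_to_zval_err(ctx, "error importing received socket descriptor %d (errno %d)", fd, errno);`, or the helper could be documented as preserving `errno`. The body of to_zval_read_fd_array() starts and ends outside the hunk.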
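Review bot: In the second patch's hunk (`@@ -1459,6 +1459,7 @@`), `zval_ptr_dtor(&elem)` releases the socket object, but nothing on the error path says what happens to `fd` itself: it is closed only if the helper had already attached it to `sock` and the object's destructor closes it, neither of which is visible here. These descriptors presumably arrive in a peer's ancillary message, so an error path that leaves one open is a descriptor leak that remote input can trigger repeatedly; the same question applies to any entries not yet processed when the function returns early (the enclosing loop, if any, is outside the hunk). Once confirmed, I would add a comment above the call such as `/* frees the socket object; also closes fd if the helper already stored it in sock */`, plus a regression test for GH-18617 that checks the open-descriptor count after a failed import.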