Fix memory leak regression in openssl_pbkdf2() #21039

Closed
ndossche wants to merge 1 commit into php:PHP-8.5 from ndossche:clesss-23

@ndossche
Member

We're fetching the digest using the new method, but if an alias is used, the method is fetched via EVP_MD_fetch() which requires lifetime management. This is observable when using "sha-256" instead of "sha256" as an algorithm name. This is a regression in comparison to PHP 8.4.

This was found by a hybrid static-dynamic analyser that looks for inconsistent handling of error checks in bindings.

We're fetching the digest using the new method, but if an alias is used,
the method is fetched via EVP_MD_fetch() which requires lifetime
management. This is observable when using "sha-256" instead of "sha256"
as an algorithm name. This is a regression in comparison to PHP 8.4.
@ndossche ndossche closed this in 880a6fc Apr 3, 2026
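
The ownership problem described in this PR, as an added example that is not part of the PR or of php-src: a toy C model in which the canonical name yields a borrowed static digest and the alias yields a fetched, caller-owned one. All names are hypothetical stand-ins (the fetch and release play the roles of EVP_MD_fetch() and EVP_MD_free()), and the key derivation itself is left out because only the handle's lifetime is modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model, hypothetical names: a digest handle is either borrowed or owned. */
typedef struct { const char *name; bool owned; } digest;
static digest builtin_sha256 = { "sha256", false };
static int live_fetched = 0; /* owned handles not yet released */

/* Stand-in for an owning fetch such as EVP_MD_fetch(). */
static digest *digest_fetch(const char *canonical) {
    digest *d = malloc(sizeof *d);
    if (d) { d->name = canonical; d->owned = true; live_fetched++; }
    return d;
}

/* Stand-in for the matching release; borrowed handles are left alone. */
static void digest_release(digest *d) {
    if (d && d->owned) { live_fetched--; free(d); }
}

/* Canonical name: borrowed static. Alias: fetched, caller-owned. */
static digest *digest_lookup(const char *name) {
    if (strcmp(name, "sha256") == 0) return &builtin_sha256;
    if (strcmp(name, "sha-256") == 0) return digest_fetch("sha256");
    return NULL;
}

/* Leaky caller: treats every handle as borrowed, so the alias path leaks. */
int derive_leaky(const char *algo) {
    digest *d = digest_lookup(algo);
    return d ? 0 : -1; /* derivation elided; only lifetime is modelled */
}

/* Fixed caller: releases the handle on the success path as well. */
int derive_fixed(const char *algo) {
    digest *d = digest_lookup(algo);
    if (!d) return -1;
    digest_release(d); /* runs after the derivation would have finished */
    return 0;
}

int outstanding(void) { return live_fetched; }

int main(void) {
    derive_fixed("sha-256"); printf("fixed: %d outstanding\n", outstanding());
    derive_leaky("sha-256"); printf("leaky: %d outstanding\n", outstanding());
    return 0;
}
```

Counting outstanding handles per call is what makes the leak visible only for "sha-256" and not for "sha256", matching the behaviour the description reports.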