Prevent leaking x509 and csr resources if it is not requested

All functions using php_openssl_x509_from_zval or php_openssl_csr_from_zval with makeresource equal to 0 do not deref the resource which means there is a leak till the end of the request. This can cause issues for long running apps. It is a generic solution for bug #75363 which also covers other functions.
author: Jakub Zelenka <bukka@php.net> 2017-10-30 16:36:38 +0000
committer: Jakub Zelenka <bukka@php.net> 2017-10-30 16:40:56 +0000
commit: fc169d2133a0507addbfd4f3b0cafe224b6e2c38 (patch)
tree: 41f7fa84f7f9294508cf1068853f756e28aedaf4
parent: d8ccffa79a983a8f4ce0304d6d69beb52f20579c (diff)
download: php-git-fc169d2133a0507addbfd4f3b0cafe224b6e2c38.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 41d65533a5..5fbb55b5df 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1587,10 +1587,11 @@ static X509 * php_openssl_x509_from_zval(zval * val, int makeresource, zend_reso
 		if (!what) {
 			return NULL;
 		}
-		/* this is so callers can decide if they should free the X509 */
 		if (resourceval) {
 			*resourceval = res;
-			Z_ADDREF_P(val);
+			if (makeresource) {
+				Z_ADDREF_P(val);
+			}
 		}
 		return (X509*)what;
 	}
@@ -3047,7 +3048,9 @@ static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_r
 		if (what) {
 			if (resourceval) {
 				*resourceval = res;
-				Z_ADDREF_P(val);
+				if (makeresource) {
+					Z_ADDREF_P(val);
+				}
 			}
 			return (X509_REQ*)what;
 		}
author	Jakub Zelenka <bukka@php.net>	2017-10-30 16:36:38 +0000
committer	Jakub Zelenka <bukka@php.net>	2017-10-30 16:40:56 +0000
commit	fc169d2133a0507addbfd4f3b0cafe224b6e2c38 (patch)
tree	41f7fa84f7f9294508cf1068853f756e28aedaf4
parent	d8ccffa79a983a8f4ce0304d6d69beb52f20579c (diff)
download	php-git-fc169d2133a0507addbfd4f3b0cafe224b6e2c38.tar.gz