authorNikita Popov <nikita.ppv@gmail.com>2019-06-21 15:07:59 +0200
committerNikita Popov <nikita.ppv@gmail.com>2019-06-21 15:07:59 +0200
commit66e4b78519f53a2ff3fe550217024cc2cc9a6b3c (patch)
tree3a218a08115c846d8fe90e1fbd5837b31dce274b
parent414db07bdb49062ae5350407669ef868226af630 (diff)
parent99f3e0f0ed6668097bf4fb2820f3e97db1197869 (diff)
downloadphp-git-66e4b78519f53a2ff3fe550217024cc2cc9a6b3c.tar.gz
Merge branch 'PHP-7.2' into PHP-7.3
-rw-r--r--ext/openssl/openssl.c46
-rw-r--r--ext/openssl/xp_ssl.c1
2 files changed, 34 insertions, 13 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 08cb01fba1..4cc3bd5446 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2082,6 +2082,9 @@ cleanup:
if (spkstr_cleaned != NULL) {
efree(spkstr_cleaned);
}
+ if (spki) {
+ NETSCAPE_SPKI_free(spki);
+ }
}
/* }}} */
@@ -3032,8 +3035,6 @@ PHP_FUNCTION(openssl_pkcs12_read)
}
RETVAL_TRUE;
-
- PKCS12_free(p12);
} else {
php_openssl_store_errors();
}
@@ -3048,6 +3049,9 @@ PHP_FUNCTION(openssl_pkcs12_read)
if (cert) {
X509_free(cert);
}
+ if (p12) {
+ PKCS12_free(p12);
+ }
}
/* }}} */
@@ -3625,7 +3629,10 @@ PHP_FUNCTION(openssl_csr_get_subject)
array_init(return_value);
php_openssl_add_assoc_name_entry(return_value, NULL, subject, use_shortnames);
- return;
+
+ if (!csr_resource) {
+ X509_REQ_free(csr);
+ }
}
/* }}} */
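Review bot: The new `if (!csr_resource)` free in openssl_csr_get_subject relies on an ownership rule that is not stated anywhere in this hunk. The openssl_csr_get_public_key hunk below carries a comment for the same pattern, so repeating it here keeps the two functions consistent: `/* Free the CSR if it was freshly created rather than borrowed from a resource */`. `subject` is presumably an internal pointer into `csr`, so it is worth noting in that comment that the free must stay after php_openssl_add_assoc_name_entry(). The start of the function is outside the hunk.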
@@ -3637,16 +3644,16 @@ PHP_FUNCTION(openssl_csr_get_public_key)
zend_bool use_shortnames = 1;
zend_resource *csr_resource;
- X509_REQ * csr;
+ X509_REQ *orig_csr, *csr;
EVP_PKEY *tpubkey;
if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|b", &zcsr, &use_shortnames) == FAILURE) {
return;
}
- csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource);
+ orig_csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource);
- if (csr == NULL) {
+ if (orig_csr == NULL) {
RETURN_FALSE;
}
@@ -3656,15 +3663,23 @@ PHP_FUNCTION(openssl_csr_get_public_key)
* a private key, it will be returned including the private part.
* If we duplicate it, then we get just the public part which is
* the same behavior as for OpenSSL 1.0 */
- csr = X509_REQ_dup(csr);
+ csr = X509_REQ_dup(orig_csr);
+#else
+ csr = orig_csr;
#endif
+
/* Retrieve the public key from the CSR */
tpubkey = X509_REQ_get_pubkey(csr);
-#if PHP_OPENSSL_API_VERSION >= 0x10100
- /* We need to free the CSR as it was duplicated */
- X509_REQ_free(csr);
-#endif
+ if (csr != orig_csr) {
+ /* We need to free the duplicated CSR */
+ X509_REQ_free(csr);
+ }
+
+ if (!csr_resource) {
+ /* We also need to free the original CSR if it was freshly created */
+ X509_REQ_free(orig_csr);
+ }
if (tpubkey == NULL) {
php_openssl_store_errors();
@@ -4362,7 +4377,7 @@ PHP_FUNCTION(openssl_pkey_new)
EC_KEY *eckey = NULL;
EC_GROUP *group = NULL;
EC_POINT *pnt = NULL;
- const BIGNUM *d;
+ BIGNUM *d = NULL;
pkey = EVP_PKEY_new();
if (pkey) {
eckey = EC_KEY_new();
@@ -4410,6 +4425,8 @@ PHP_FUNCTION(openssl_pkey_new)
php_openssl_store_errors();
goto clean_exit;
}
+
+ BN_free(d);
} else if ((x = zend_hash_str_find(Z_ARRVAL_P(data), "x", sizeof("x") - 1)) != NULL &&
Z_TYPE_P(x) == IS_STRING &&
(y = zend_hash_str_find(Z_ARRVAL_P(data), "y", sizeof("y") - 1)) != NULL &&
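Review bot: The `BN_free(d);` added at the end of this branch leaves `d` pointing at freed memory, and the clean_exit hunk below adds `if (d != NULL) { BN_free(d); }`. Any path that runs this free and later reaches clean_exit would free `d` twice; the fall-through after `php_openssl_store_errors();` just above the label looks like such a path, though the code between the two hunks is not visible here. Resetting the pointer keeps the cleanup label safe on every path: `BN_free(d);` followed by `d = NULL;`.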
@@ -4454,6 +4471,9 @@ PHP_FUNCTION(openssl_pkey_new)
php_openssl_store_errors();
}
clean_exit:
+ if (d != NULL) {
+ BN_free(d);
+ }
if (pnt != NULL) {
EC_POINT_free(pnt);
}
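Review bot: `BN_free` at clean_exit releases `d` without wiping its contents. If `d` holds the EC private scalar, which the name and the surrounding EC_KEY setup suggest but whose assignment is outside these hunks, `BN_clear_free(d);` would zero the value before the memory returns to the allocator. The `if (d != NULL)` guard is not needed for either function, since both accept NULL.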
@@ -5191,7 +5211,7 @@ clean_exit:
BIO_free(in);
BIO_free(dataout);
PKCS7_free(p7);
- sk_X509_free(others);
+ sk_X509_pop_free(others, X509_free);
}
/* }}} */
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 31982de0ba..acec874b61 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -831,6 +831,7 @@ static long php_openssl_load_stream_cafile(X509_STORE *cert_store, const char *c
buffer_active = 0;
if (cert && X509_STORE_add_cert(cert_store, cert)) {
++certs_added;
+ X509_free(cert);
}
goto cert_start;
}
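Review bot: `X509_free(cert);` runs only when `X509_STORE_add_cert()` succeeds, so a certificate that parsed correctly but was rejected by the store still leaks on each pass through `goto cert_start`. The store takes its own reference on success, so the local reference can be dropped unconditionally: move `X509_free(cert);` below the closing brace of the `if`, which is safe because `X509_free(NULL)` is a no-op. The rest of php_openssl_load_stream_cafile is outside the hunk.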