Fix alpn_ctx leaking in openssl

1 files changed, 15 insertions, 2 deletions

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 208aafcd7b..f9697d0483 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -1599,8 +1599,8 @@ int php_openssl_setup_crypto(php_stream *stream,
 			if (sslsock->is_client) {
 				SSL_CTX_set_alpn_protos(sslsock->ctx, alpn, alpn_len);
 			} else {
-				sslsock->alpn_ctx = (php_openssl_alpn_ctx *) emalloc(sizeof(php_openssl_alpn_ctx));
-				sslsock->alpn_ctx->data = (unsigned char*)estrndup((const char*)alpn, alpn_len);
+				sslsock->alpn_ctx = (php_openssl_alpn_ctx *) pemalloc(sizeof(php_openssl_alpn_ctx), php_stream_is_persistent(stream));
+				sslsock->alpn_ctx->data = (unsigned char *) pestrndup((const char*)alpn, alpn_len, php_stream_is_persistent(stream));
 				sslsock->alpn_ctx->len = alpn_len;
 				SSL_CTX_set_alpn_select_cb(sslsock->ctx, server_alpn_callback, sslsock);
 			}
@@ -1632,6 +1632,13 @@ int php_openssl_setup_crypto(php_stream *stream,
 		php_error_docref(NULL, E_WARNING, "SSL handle creation failure");
 		SSL_CTX_free(sslsock->ctx);
 		sslsock->ctx = NULL;
+#ifdef HAVE_TLS_ALPN
+		if (sslsock->alpn_ctx) {
+			pefree(sslsock->alpn_ctx->data, php_stream_is_persistent(stream));
+			pefree(sslsock->alpn_ctx, php_stream_is_persistent(stream));
+			sslsock->alpn_ctx = NULL;
+		}
+#endif
 		return FAILURE;
 	} else {
 		SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream);
@@ -2137,6 +2144,12 @@ static int php_openssl_sockop_close(php_stream *stream, int close_handle) /* {{{
 			SSL_CTX_free(sslsock->ctx);
 			sslsock->ctx = NULL;
 		}
+#ifdef HAVE_TLS_ALPN
+		if (sslsock->alpn_ctx) {
+			pefree(sslsock->alpn_ctx->data, php_stream_is_persistent(stream));
+			pefree(sslsock->alpn_ctx, php_stream_is_persistent(stream));
+		}
+#endif
 #ifdef PHP_WIN32
 		if (sslsock->s.socket == -1)
 			sslsock->s.socket = SOCK_ERR;