diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-03-23 16:33:26 +0100 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-03-23 16:33:26 +0100 |
| commit | 3b26a3868e06b67936a3c385d46b07879ba9eb43 (patch) | |
| tree | 3583d3ced60777306f25f74c2d8b531667d60721 /ext/mysqlnd/mysqlnd_auth.c | |
| parent | d963b7852357ec3c4d437faf38f369915b275bd0 (diff) | |
| parent | 0afdf194f0b2b313605516f05512e45cc50e87c5 (diff) | |
| download | php-git-3b26a3868e06b67936a3c385d46b07879ba9eb43.tar.gz | |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fix leak on Windows as well
Diffstat (limited to 'ext/mysqlnd/mysqlnd_auth.c')
| -rw-r--r-- | ext/mysqlnd/mysqlnd_auth.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c index 7ab8295727..299cefd90d 100644 --- a/ext/mysqlnd/mysqlnd_auth.c +++ b/ext/mysqlnd/mysqlnd_auth.c @@ -807,6 +807,7 @@ mysqlnd_sha256_public_encrypt(MYSQLND_CONN_DATA * conn, mysqlnd_rsa_t server_pub */ if ((size_t) server_public_key_len <= passwd_len + 41) { /* password message is to long */ + BCryptDestroyKey((BCRYPT_KEY_HANDLE) server_public_key); SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long"); DBG_ERR("password is too long"); DBG_RETURN(0); @@ -816,6 +817,7 @@ mysqlnd_sha256_public_encrypt(MYSQLND_CONN_DATA * conn, mysqlnd_rsa_t server_pub ret = malloc(*auth_data_len); if (BCryptEncrypt((BCRYPT_KEY_HANDLE) server_public_key, xor_str, passwd_len + 1, &padding_info, NULL, 0, ret, server_public_key_len, &server_public_key_len, BCRYPT_PAD_OAEP)) { + BCryptDestroyKey((BCRYPT_KEY_HANDLE) server_public_key); DBG_RETURN(0); } BCryptDestroyKey((BCRYPT_KEY_HANDLE) server_public_key); @@ -1055,6 +1057,7 @@ mysqlnd_caching_sha2_public_encrypt(MYSQLND_CONN_DATA * conn, mysqlnd_rsa_t serv */ if ((size_t) server_public_key_len <= passwd_len + 41) { /* password message is to long */ + BCryptDestroyKey((BCRYPT_KEY_HANDLE) server_public_key); SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long"); DBG_ERR("password is too long"); DBG_RETURN(0); @@ -1063,8 +1066,10 @@ mysqlnd_caching_sha2_public_encrypt(MYSQLND_CONN_DATA * conn, mysqlnd_rsa_t serv *crypted = emalloc(server_public_key_len); if (BCryptEncrypt((BCRYPT_KEY_HANDLE) server_public_key, xor_str, passwd_len + 1, &padding_info, NULL, 0, *crypted, server_public_key_len, &server_public_key_len, BCRYPT_PAD_OAEP)) { + BCryptDestroyKey((BCRYPT_KEY_HANDLE) server_public_key); DBG_RETURN(0); } + BCryptDestroyKey((BCRYPT_KEY_HANDLE) server_public_key); DBG_RETURN(server_public_key_len); } /* }}} */ |