From fc169d2133a0507addbfd4f3b0cafe224b6e2c38 Mon Sep 17 00:00:00 2001
From: Jakub Zelenka
Date: Mon, 30 Oct 2017 16:36:38 +0000
Subject: Prevent leaking x509 and csr resources if it is not requested All functions using php_openssl_x509_from_zval or php_openssl_csr_from_zval with makeresource equal to 0 do not deref the resource which means there is a leak till the end of the request. This can cause issues for long running apps. It is a generic solution for bug #75363 which also covers other functions.
---
 ext/openssl/openssl.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 41d65533a5..5fbb55b5df 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1587,10 +1587,11 @@ static X509 * php_openssl_x509_from_zval(zval * val, int makeresource, zend_reso
 if (!what) {
 return NULL;
 }
- /* this is so callers can decide if they should free the X509 */
 if (resourceval) {
 *resourceval = res;
- Z_ADDREF_P(val);
+ if (makeresource) {
+ Z_ADDREF_P(val);
+ }
 }
 return (X509*)what;
 }
@@ -3047,7 +3048,9 @@ static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_r
 if (what) {
 if (resourceval) {
 *resourceval = res;
- Z_ADDREF_P(val);
+ if (makeresource) {
+ Z_ADDREF_P(val);
+ }
 }
 return (X509_REQ*)what;
 }
--
cgit v1.2.1
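Review bot: The ownership of `*resourceval` now depends on `makeresource`, but neither hunk documents this, and the first hunk deletes the only comment explaining why the out-parameter is set. With `makeresource == 0` the caller gets a borrowed `zend_resource *` with no reference held, so a caller that releases or retains it would presumably drop a reference it does not own. I would restore the comment above `if (resourceval) {` in php_openssl_x509_from_zval as `/* lets callers decide whether to free the X509; a reference is taken only when makeresource is set, otherwise *resourceval is borrowed and must not be released */`, and add the same wording in the php_openssl_csr_from_zval hunk. Both function bodies begin outside the hunks and no callers are visible here, so it is worth confirming that no caller passing 0 still releases the returned resource.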