Skip to content

Commit

Permalink
Properly fix #75363 and address some other leaks with cert
Browse files Browse the repository at this point in the history
  • Loading branch information
@bukka
bukka committed Oct 15, 2017
1 parent 5acb838 commit 999fe36
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 27 deletions.
4 changes: 2 additions & 2 deletions NEWS
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@ PHP NEWS
. Fixed bug #75301 (Exif extension has built in revision version). (Peter
Kokot)

- Openssl:
. Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob)
- OpenSSL:
. Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob, Jakub Zelenka)

- Zlib:
. Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add). (Fabien
Expand Down
52 changes: 27 additions & 25 deletions ext/openssl/openssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1646,7 +1646,6 @@ PHP_FUNCTION(openssl_x509_export_to_file)
zval * zcert;
zend_bool notext = 1;
BIO * bio_out;
zend_resource *certresource;
char * filename;
size_t filename_len;

Expand All @@ -1655,7 +1654,7 @@ PHP_FUNCTION(openssl_x509_export_to_file)
}
RETVAL_FALSE;

cert = php_openssl_x509_from_zval(zcert, 0, &certresource);
cert = php_openssl_x509_from_zval(zcert, 0, NULL);
if (cert == NULL) {
php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1");
return;
Expand All @@ -1676,7 +1675,7 @@ PHP_FUNCTION(openssl_x509_export_to_file)
} else {
php_error_docref(NULL, E_WARNING, "error opening file %s", filename);
}
if (certresource == NULL && cert) {
if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}
BIO_free(bio_out);
Expand Down Expand Up @@ -1968,14 +1967,13 @@ PHP_FUNCTION(openssl_x509_export)
zval * zcert, *zout;
zend_bool notext = 1;
BIO * bio_out;
zend_resource *certresource;

if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz/|b", &zcert, &zout, &notext) == FAILURE) {
return;
}
RETVAL_FALSE;

cert = php_openssl_x509_from_zval(zcert, 0, &certresource);
cert = php_openssl_x509_from_zval(zcert, 0, NULL);
if (cert == NULL) {
php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1");
return;
Expand All @@ -1995,7 +1993,7 @@ PHP_FUNCTION(openssl_x509_export)
RETVAL_TRUE;
}

if (certresource == NULL && cert) {
if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}
BIO_free(bio_out);
Expand Down Expand Up @@ -2032,7 +2030,6 @@ PHP_FUNCTION(openssl_x509_fingerprint)
{
X509 *cert;
zval *zcert;
zend_resource *certresource;
zend_bool raw_output = 0;
char *method = "sha1";
size_t method_len;
Expand All @@ -2042,7 +2039,7 @@ PHP_FUNCTION(openssl_x509_fingerprint)
return;
}

cert = php_openssl_x509_from_zval(zcert, 0, &certresource);
cert = php_openssl_x509_from_zval(zcert, 0, NULL);
if (cert == NULL) {
php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1");
RETURN_FALSE;
Expand All @@ -2055,7 +2052,7 @@ PHP_FUNCTION(openssl_x509_fingerprint)
RETVAL_FALSE;
}

if (certresource == NULL && cert) {
if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}
}
Expand All @@ -2067,14 +2064,14 @@ PHP_FUNCTION(openssl_x509_check_private_key)
zval * zcert, *zkey;
X509 * cert = NULL;
EVP_PKEY * key = NULL;
zend_resource *certresource = NULL, *keyresource = NULL;
zend_resource *keyresource = NULL;

RETVAL_FALSE;

if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz", &zcert, &zkey) == FAILURE) {
return;
}
cert = php_openssl_x509_from_zval(zcert, 0, &certresource);
cert = php_openssl_x509_from_zval(zcert, 0, NULL);
if (cert == NULL) {
RETURN_FALSE;
}
Expand All @@ -2086,7 +2083,7 @@ PHP_FUNCTION(openssl_x509_check_private_key)
if (keyresource == NULL && key) {
EVP_PKEY_free(key);
}
if (certresource == NULL && cert) {
if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}
}
Expand Down Expand Up @@ -2298,6 +2295,9 @@ PHP_FUNCTION(openssl_x509_parse)
} else {
zval_dtor(return_value);
BIO_free(bio_out);
if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}
RETURN_FALSE;
}
}
Expand All @@ -2310,6 +2310,9 @@ PHP_FUNCTION(openssl_x509_parse)
BIO_free(bio_out);
}
add_assoc_zval(return_value, "extensions", &subitem);
if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}
}
/* }}} */

Expand Down Expand Up @@ -2396,7 +2399,6 @@ PHP_FUNCTION(openssl_x509_checkpurpose)
zval * zcert, * zcainfo = NULL;
X509_STORE * cainfo = NULL;
X509 * cert = NULL;
zend_resource *certresource = NULL;
STACK_OF(X509) * untrustedchain = NULL;
zend_long purpose;
char * untrusted = NULL;
Expand All @@ -2420,7 +2422,7 @@ PHP_FUNCTION(openssl_x509_checkpurpose)
if (cainfo == NULL) {
goto clean_exit;
}
cert = php_openssl_x509_from_zval(zcert, 0, &certresource);
cert = php_openssl_x509_from_zval(zcert, 0, NULL);
if (cert == NULL) {
goto clean_exit;
}
Expand All @@ -2431,11 +2433,10 @@ PHP_FUNCTION(openssl_x509_checkpurpose)
} else {
RETVAL_BOOL(ret);
}

clean_exit:
if (certresource == NULL && cert) {
if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}
clean_exit:
if (cainfo) {
X509_STORE_free(cainfo);
}
Expand Down Expand Up @@ -2622,7 +2623,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
size_t pass_len;
zval *zcert = NULL, *zpkey = NULL, *args = NULL;
EVP_PKEY *priv_key = NULL;
zend_resource *certresource, *keyresource;
zend_resource *keyresource;
zval * item;
STACK_OF(X509) *ca = NULL;

Expand All @@ -2631,7 +2632,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)

RETVAL_FALSE;

cert = php_openssl_x509_from_zval(zcert, 0, &certresource);
cert = php_openssl_x509_from_zval(zcert, 0, NULL);
if (cert == NULL) {
php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1");
return;
Expand All @@ -2641,7 +2642,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
php_error_docref(NULL, E_WARNING, "cannot get private key from parameter 3");
goto cleanup;
}
if (cert && !X509_check_private_key(cert, priv_key)) {
if (!X509_check_private_key(cert, priv_key)) {
php_error_docref(NULL, E_WARNING, "private key does not correspond to cert");
goto cleanup;
}
Expand Down Expand Up @@ -2685,7 +2686,8 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
if (keyresource == NULL && priv_key) {
EVP_PKEY_free(priv_key);
}
if (certresource == NULL && cert) {

if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}
}
Expand All @@ -2700,7 +2702,7 @@ PHP_FUNCTION(openssl_pkcs12_export)
PKCS12 * p12 = NULL;
zval * zcert = NULL, *zout = NULL, *zpkey, *args = NULL;
EVP_PKEY *priv_key = NULL;
zend_resource *certresource, *keyresource;
zend_resource *keyresource;
char * pass;
size_t pass_len;
char * friendly_name = NULL;
Expand All @@ -2712,7 +2714,7 @@ PHP_FUNCTION(openssl_pkcs12_export)

RETVAL_FALSE;

cert = php_openssl_x509_from_zval(zcert, 0, &certresource);
cert = php_openssl_x509_from_zval(zcert, 0, NULL);
if (cert == NULL) {
php_error_docref(NULL, E_WARNING, "cannot get cert from parameter 1");
return;
Expand All @@ -2722,7 +2724,7 @@ PHP_FUNCTION(openssl_pkcs12_export)
php_error_docref(NULL, E_WARNING, "cannot get private key from parameter 3");
goto cleanup;
}
if (cert && !X509_check_private_key(cert, priv_key)) {
if (!X509_check_private_key(cert, priv_key)) {
php_error_docref(NULL, E_WARNING, "private key does not correspond to cert");
goto cleanup;
}
Expand Down Expand Up @@ -2757,7 +2759,7 @@ PHP_FUNCTION(openssl_pkcs12_export)
if (keyresource == NULL && priv_key) {
EVP_PKEY_free(priv_key);
}
if (certresource == NULL && cert) {
if (Z_TYPE_P(zcert) != IS_RESOURCE) {
X509_free(cert);
}
}
Expand Down

0 comments on commit 999fe36

Please sign in to comment.