From 4ac9b854866d55338b577c69e2f60b6229380a99 Mon Sep 17 00:00:00 2001
From: Chuan Ma
Date: Mon, 24 Mar 2014 23:24:41 -0400
Subject: [PATCH 1/4] Fix #66942: openssl_seal() memory leak

---
 ext/openssl/openssl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index af9664aec0b4e..716686fbf86bb 100755
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4875,6 +4875,7 @@ PHP_FUNCTION(openssl_seal)
 #endif
 /* allocate one byte extra to make room for \0 */
 buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
+ EVP_CIPHER_CTX_cleanup(&ctx);
 if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
 RETVAL_FALSE;
@@ -4925,6 +4926,7 @@ PHP_FUNCTION(openssl_seal)
 efree(eksl);
 efree(pkeys);
 efree(key_resources);
+ EVP_CIPHER_CTX_cleanup(&ctx);
 }
 /* }}} */

From a597047a81671bf260f7b58bd751644a15fd8e56 Mon Sep 17 00:00:00 2001
From: Chuan Ma
Date: Tue, 25 Mar 2014 00:31:34 -0400
Subject: [PATCH 2/4] Fix #66952: memory leak in openssl_open()

---
 ext/openssl/openssl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 716686fbf86bb..602949ccaa00a 100755
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4986,6 +4986,7 @@ PHP_FUNCTION(openssl_open)
 if (keyresource == -1) {
 EVP_PKEY_free(pkey);
 }
+ EVP_CIPHER_CTX_cleanup(&ctx);
 zval_dtor(opendata);
 buf[len1 + len2] = '\0';
 ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);

From 6807fe95bf0375a642895dfb457d3f11c5615257 Mon Sep 17 00:00:00 2001
From: Chuan Ma
Date: Tue, 25 Mar 2014 09:02:13 -0400
Subject: [PATCH 3/4] Fix #66952: refactor openssl_open() a little bit to avoid memory leak in all cases

---
 ext/openssl/openssl.c | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 602949ccaa00a..8dd7a9b615b2a 100755
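Review bot: The added `EVP_CIPHER_CTX_cleanup(&ctx)` between the `emalloc` line and `EVP_SealInit` is correct but reads as a stray call, because nothing says why the context is torn down right after its block size was read from it. A one-line comment would keep a later cleanup pass from removing it: `/* EVP_SealInit() re-initialises ctx; release the cipher state EVP_EncryptInit() allocated, or it leaks */`. That EVP_SealInit() resets the context rather than reusing it is library behaviour inferred from the fix, not visible in the hunk, so confirm it against the OpenSSL version the build targets. The `if` on the hunk's last lines continues past it, and openssl_seal's body starts and ends outside the hunk.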
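Review bot: The `EVP_CIPHER_CTX_cleanup(&ctx)` added after `efree(key_resources)` sits on the common exit tail that every `goto clean_exit` in openssl_seal reaches, including jumps taken before the context has been initialised, and running cleanup on an uninitialised `EVP_CIPHER_CTX` is undefined behaviour. The label and the early jumps are outside this hunk, so this is inferred from the function's shape; patch 4/4 of this series describes exactly that corner case. Calling the cleanup on each exit path taken after `EVP_EncryptInit()` has set the context up, or guarding the tail call with a flag set at initialisation, is the safe placement. The loop over key resources that follows the label is also outside the hunk.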
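Review bot: The `EVP_CIPHER_CTX_cleanup(&ctx)` is added only on the success path of openssl_open; the failure branches that `efree(buf)` and `RETURN_FALSE` when `EVP_OpenInit`, `EVP_OpenUpdate` or `EVP_OpenFinal` fail return without it, so the context still leaks on every failed decryption. Those branches are above this hunk and are inferred from the function's shape (patch 3/4 of the series shows them on its old side). A leak that a caller-supplied envelope key or ciphertext can trigger on every request is a resource-exhaustion concern rather than a tidy-up, so the cleanup belongs on a path every exit passes through, or inside each branch. The function's head is outside the hunk.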
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4971,26 +4971,21 @@ PHP_FUNCTION(openssl_open)
 if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
 if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
 efree(buf);
- if (keyresource == -1) {
- EVP_PKEY_free(pkey);
- }
- RETURN_FALSE;
+ RETVAL_FALSE;
+ } else {
+ zval_dtor(opendata);
+ buf[len1 + len2] = '\0';
+ ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
+ RETVAL_TRUE;
 }
 } else {
 efree(buf);
- if (keyresource == -1) {
- EVP_PKEY_free(pkey);
- }
- RETURN_FALSE;
+ RETVAL_FALSE;
 }
 if (keyresource == -1) {
 EVP_PKEY_free(pkey);
 }
 EVP_CIPHER_CTX_cleanup(&ctx);
- zval_dtor(opendata);
- buf[len1 + len2] = '\0';
- ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
- RETURN_TRUE;
 }
 /* }}} */

From a4135cf3d9ed910c85c209611471f8fb843a6154 Mon Sep 17 00:00:00 2001
From: Chuan Ma
Date: Sun, 13 Apr 2014 23:45:14 -0400
Subject: [PATCH 4/4] Fix #66942: don't call EVP_CIPHER_CTX_cleanup() at the end of openssl_seal() because in one corner case the variable ctx has not been initiated yet.

---
 ext/openssl/openssl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 8dd7a9b615b2a..4f8f4b73340d2 100755
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4865,6 +4865,7 @@ PHP_FUNCTION(openssl_seal)
 if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) {
 RETVAL_FALSE;
+ EVP_CIPHER_CTX_cleanup(&ctx);
 goto clean_exit;
 }
@@ -4880,6 +4881,7 @@ PHP_FUNCTION(openssl_seal)
 if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
 RETVAL_FALSE;
 efree(buf);
+ EVP_CIPHER_CTX_cleanup(&ctx);
 goto clean_exit;
 }
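Review bot: The new control flow sets the return value in three places and frees `buf` in two, with the success work nested two levels deep, which makes it hard to see at a glance that every path except success frees `buf` and that all of them reach the shared `EVP_PKEY_free`/`EVP_CIPHER_CTX_cleanup` tail. Setting `RETVAL_FALSE` once up front and chaining `EVP_OpenInit`, `EVP_OpenUpdate`, `EVP_OpenFinal` and the `len1 + len2 != 0` check in one condition is behaviourally identical to the branches in the hunk: same calls in the same order, short-circuit stopping at the first failure, and `len1`/`len2` only read on the success path. The function's head, where `buf` is allocated and `pkey` loaded, is outside the hunk.
```c
	RETVAL_FALSE;
	if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey)
			&& EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)
			&& EVP_OpenFinal(&ctx, buf + len1, &len2)
			&& len1 + len2 != 0) {
		zval_dtor(opendata);
		buf[len1 + len2] = '\0';
		ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
		RETVAL_TRUE;
	} else {
		/* a step failed or no plaintext came out: drop the buffer, keep FALSE */
		efree(buf);
	}
	/* … unchanged: EVP_PKEY_free() for a locally loaded key, EVP_CIPHER_CTX_cleanup() … */
```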
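Review bot: After this commit the cleanup is repeated on each exit path (the `EVP_EncryptInit` failure in this hunk, the `EVP_SealInit`/`EVP_SealUpdate` failure in the next one, and the success path after `RETVAL_LONG`), while the `clean_exit:` tail deliberately does not call it; nothing in the code records that rule, so the next `goto clean_exit` added after the context is live will reintroduce the leak this series fixes. A comment at the label, e.g. `/* ctx is NOT cleaned up here: some jumps arrive before EVP_CIPHER_CTX_init(); every exit taken after the init cleans up itself */`, plus a short one at each of the three calls, would make the invariant explicit. The label and the jumps that reach it before initialisation are outside these hunks, so their existence is taken from the commit message. That `EVP_EncryptInit()` has already initialised the context before it can fail, which is what makes the cleanup in this hunk safe, is library behaviour to confirm for the targeted OpenSSL version.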
@@ -4912,6 +4914,7 @@ PHP_FUNCTION(openssl_seal)
 efree(buf);
 }
 RETVAL_LONG(len1 + len2);
+ EVP_CIPHER_CTX_cleanup(&ctx);
 clean_exit:
 for (i=0; i