wudi · pull · Apr 2, 2025 · Mar 29, 2025 · Apr 2, 2025 · Apr 2, 2025
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -3968,6 +3968,7 @@ PHP_FUNCTION(openssl_sign)
 		mdtype = php_openssl_get_evp_md_from_algo(method_long);
 	}
 	if (!mdtype && (!can_default_digest || method_long != 0)) {
+		EVP_PKEY_free(pkey);
 		php_error_docref(NULL, E_WARNING, "Unknown digest algorithm");
 		RETURN_FALSE;
 	}
@@ -4471,17 +4472,15 @@ PHP_FUNCTION(openssl_random_pseudo_bytes)
 		RETURN_THROWS();
 	}
 
-	if (zstrong_result_returned) {
-		ZEND_TRY_ASSIGN_REF_FALSE(zstrong_result_returned);
-	}
-
 	if ((buffer = php_openssl_random_pseudo_bytes(buffer_length))) {
 		ZSTR_VAL(buffer)[buffer_length] = 0;
 		RETVAL_NEW_STR(buffer);
-	}
 
-	if (zstrong_result_returned) {
-		ZEND_TRY_ASSIGN_REF_TRUE(zstrong_result_returned);
+		if (zstrong_result_returned) {
+			ZEND_TRY_ASSIGN_REF_TRUE(zstrong_result_returned);
+		}
+	} else if (zstrong_result_returned) {
+		ZEND_TRY_ASSIGN_REF_FALSE(zstrong_result_returned);
 	}
 }
 /* }}} */
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
@@ -2123,11 +2123,10 @@ PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_le
 	PHP_OPENSSL_CHECK_LONG_TO_INT_NULL_RETURN(buffer_length, length);
 	PHP_OPENSSL_RAND_ADD_TIME();
 	if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) {
+		php_openssl_store_errors();
 		zend_string_release_ex(buffer, 0);
 		zend_throw_exception(zend_ce_exception, "Error reading from source device", 0);
 		return NULL;
-	} else {
-		php_openssl_store_errors();
 	}
 
 	return buffer;

diff --git a/ext/openssl/tests/openssl_sign_invalid_algorithm.phpt b/ext/openssl/tests/openssl_sign_invalid_algorithm.phpt
@@ -0,0 +1,18 @@
+--TEST--
+openssl_sign: invalid algorithm
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+$dir = __DIR__;
+$file_pub = $dir . '/bug37820cert.pem';
+$file_key = $dir . '/bug37820key.pem';
+
+$priv_key = file_get_contents($file_key);
+$priv_key_id = openssl_get_privatekey($priv_key);
+
+$data = "some custom data";
+openssl_sign($data, $signature, $priv_key_id, "invalid algo");
+?>
+--EXPECTF--
+Warning: openssl_sign(): Unknown digest algorithm in %s on line %d
diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c
@@ -204,6 +204,7 @@ PHP_FUNCTION(iptcembed)
 
 	if (spool < 2) {
 		if (zend_fstat(fileno(fp), &sb) != 0) {
+			fclose(fp);
 			RETURN_FALSE;
 		}