archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.2' into PHP-8.3

Browse source 
* PHP-8.2:
  Fix potential NULL pointer dereference before calling EVP_SignInit
This commit is contained in:
Niels Dossche 2024-04-08 19:31:13 +02:00
commit 07fe3b2920
No known key found for this signature in database
GPG key ID: B8A8AD166DF0E2E5
2 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
NEWS
View file

@ -30,6 +30,7 @@ PHP NEWS
filename causes a NULL pointer dereference). (nielsdos) filename causes a NULL pointer dereference). (nielsdos)
. Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c). . Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c).
(nielsdos) (nielsdos)
. Fix potential NULL pointer dereference before calling EVP_SignInit. (icy17)
- PHPDBG: - PHPDBG:
. Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame). . Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).

7
ext/phar/util.c
View file

@ -1890,6 +1890,13 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
} }
md_ctx = EVP_MD_CTX_create(); md_ctx = EVP_MD_CTX_create();
if (md_ctx == NULL) {
EVP_PKEY_free(key);
if (error) {
spprintf(error, 0, "unable to initialize openssl signature for phar \"%s\"", phar->fname);
}
return FAILURE;
}
siglen = EVP_PKEY_size(key); siglen = EVP_PKEY_size(key);
sigbuf = emalloc(siglen + 1); sigbuf = emalloc(siglen + 1);