Merge branch 'PHP-8.3' into PHP-8.4

* PHP-8.3:
  Fix memory leak in openssl_sign() when passing invalid algorithm
Niels Dossche 2025-04-02 20:18:57 +02:00
commit d689ff63e8
No known key found for this signature in database
GPG key ID: B8A8AD166DF0E2E5
3 changed files with 23 additions and 0 deletions

4
NEWS

@ -12,6 +12,10 @@ PHP NEWS
. Fixed imagecrop() overflow with rect argument with x/width y/heigh usage
in gdImageCrop(). (David Carlier)
- OpenSSL:
. Fix memory leak in openssl_sign() when passing invalid algorithm.
(nielsdos)
- Standard:
. Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()).
(Jakub Zelenka)


@ -7162,6 +7162,7 @@ PHP_FUNCTION(openssl_sign)
mdtype = php_openssl_get_evp_md_from_algo(method_long);
}
if (!mdtype && (!can_default_digest || method_long != 0)) {
EVP_PKEY_free(pkey);
php_error_docref(NULL, E_WARNING, "Unknown digest algorithm");
RETURN_FALSE;
}
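Review bot: The new `EVP_PKEY_free(pkey);` in the unknown-digest branch releases the key by hand at this one exit, and nothing in the visible lines tells a later editor that `pkey` must be released on every early return from this point on. A short comment above the check would record that, for example `/* pkey is live from here on; every early return below must free it */`. PHP_FUNCTION(openssl_sign) starts before this hunk and continues after it, so whether the remaining exits already free `pkey` cannot be confirmed from here and is worth checking in the same review.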


@ -0,0 +1,18 @@
--TEST--
openssl_sign: invalid algorithm
--EXTENSIONS--
openssl
--FILE--
<?php
$dir = __DIR__;
$file_pub = $dir . '/bug37820cert.pem';
$file_key = $dir . '/bug37820key.pem';
$priv_key = file_get_contents($file_key);
$priv_key_id = openssl_get_privatekey($priv_key);
$data = "some custom data";
openssl_sign($data, $signature, $priv_key_id, "invalid algo");
?>
--EXPECTF--
Warning: openssl_sign(): Unknown digest algorithm in %s on line %d
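Review bot: The test pins only the warning text, so the return value of the failing call is never asserted, and `$file_pub` is assigned in the script but never read. Wrapping the call as `var_dump(openssl_sign($data, $signature, $priv_key_id, "invalid algo"));` and adding `bool(false)` after the warning line in --EXPECTF-- would cover the `RETURN_FALSE` path; the `$file_pub` line can be dropped. The leaked key is presumably allocated by OpenSSL rather than by the Zend allocator, so this test likely catches a regression only when the suite runs under a leak checker such as ASan or Valgrind, and a one-line comment in the test saying so would help.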