Fix EVP_PKEY leak in phar

author Nikita Popov <nikita.ppv@gmail.com>

Mon, 24 Jun 2019 14:51:40 +0000 (16:51 +0200)

committer Nikita Popov <nikita.ppv@gmail.com>

Tue, 25 Jun 2019 08:25:44 +0000 (10:25 +0200)
author Nikita Popov <nikita.ppv@gmail.com>
Mon, 24 Jun 2019 14:51:40 +0000 (16:51 +0200)
committer Nikita Popov <nikita.ppv@gmail.com>
Tue, 25 Jun 2019 08:25:44 +0000 (10:25 +0200)
diff --git a/ext/phar/util.c b/ext/phar/util.c

index ff1f3f46db028530ccef1aa90d227fcdf815df3c..ab5d3355ad358c809c3f142213dd6e12a0f700ba 100644 (file)
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1547,7 +1547,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
                                 return FAILURE;
                         }
  
-                       key = PEM_read_bio_PUBKEY(in, NULL,NULL, NULL);
+                       key = PEM_read_bio_PUBKEY(in, NULL, NULL, NULL);
                         BIO_free(in);
                         zend_string_release_ex(pubkey, 0);
  
@@ -1581,6 +1581,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
  
                         if (EVP_VerifyFinal(md_ctx, (unsigned char *)sig, sig_len, key) != 1) {
                                 /* 1: signature verified, 0: signature does not match, -1: failed signature operation */
+                               EVP_PKEY_free(key);
                                 EVP_MD_CTX_destroy(md_ctx);
  
                                 if (error) {
@@ -1590,6 +1591,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
                                 return FAILURE;
                         }
  
+                       EVP_PKEY_free(key);
                         EVP_MD_CTX_destroy(md_ctx);
  #endif
  
@@ -1861,6 +1863,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
                         sigbuf = emalloc(siglen + 1);
  
                         if (!EVP_SignInit(md_ctx, EVP_sha1())) {
+                               EVP_PKEY_free(key);
                                 efree(sigbuf);
                                 if (error) {
                                         spprintf(error, 0, "unable to initialize openssl signature for phar \"%s\"", phar->fname);
@@ -1870,6 +1873,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
  
                         while ((sig_len = php_stream_read(fp, (char*)buf, sizeof(buf))) > 0) {
                                 if (!EVP_SignUpdate(md_ctx, buf, sig_len)) {
+                                       EVP_PKEY_free(key);
                                         efree(sigbuf);
                                         if (error) {
                                                 spprintf(error, 0, "unable to update the openssl signature for phar \"%s\"", phar->fname);
@@ -1879,6 +1883,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
                         }
  
                         if (!EVP_SignFinal (md_ctx, sigbuf, &siglen, key)) {
+                               EVP_PKEY_free(key);
                                 efree(sigbuf);
                                 if (error) {
                                         spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
@@ -1887,6 +1892,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
                         }
  
                         sigbuf[siglen] = '\0';
+                       EVP_PKEY_free(key);
                         EVP_MD_CTX_destroy(md_ctx);
  #else
                         size_t siglen;
author	Nikita Popov <nikita.ppv@gmail.com>
	Mon, 24 Jun 2019 14:51:40 +0000 (16:51 +0200)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Tue, 25 Jun 2019 08:25:44 +0000 (10:25 +0200)