- fix leaks in openssl context options

author Pierre Joye <pajoye@php.net>

Fri, 26 May 2006 00:32:07 +0000 (00:32 +0000)

committer Pierre Joye <pajoye@php.net>

Fri, 26 May 2006 00:32:07 +0000 (00:32 +0000)
author Pierre Joye <pajoye@php.net>
Fri, 26 May 2006 00:32:07 +0000 (00:32 +0000)
committer Pierre Joye <pajoye@php.net>
Fri, 26 May 2006 00:32:07 +0000 (00:32 +0000)
diff --git a/NEWS b/NEWS

index a8460b9ba508545c24638e0b56d44d7b73a74c83..4fc2652a44d9ea2112928842ca44bca83754998e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -44,6 +44,7 @@ PHP                                                                        NEWS
  - Added pg_field_table() function. (Edin)
  - Added implementation of curl_multi_info_read(). (Brian)
  - Added RFC2397 (data: stream) support. (Marcus)
+- Fixed memory leaks in openssl streams context options (Pierre)
  - Fixed handling of extremely long paths inside tempnam() function. (Ilia)
  - Fixed bug #37587 (var without attribute causes segfault). (Marcus)
  - Fixed bug #37569 (WDDX incorrectly encodes high-ascii characters). (Ilia)
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c

index 4a5e302a41a0da44ae7ac6b4715b750e8d9a09d5..504ae8bd4d11f62c908dce64e03bcd478c0e42fd 100644 (file)
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -432,6 +432,7 @@ static inline int php_openssl_enable_crypto(php_stream *stream,
                                                                 "ssl", "peer_certificate",
                                                                 zcert);
                                                 peer_cert = NULL;
+                                               efree(zcert);
                                         }
  
                                         if (SUCCESS == php_stream_context_get_option(
@@ -445,7 +446,7 @@ static inline int php_openssl_enable_crypto(php_stream *stream,
                                                 chain = SSL_get_peer_cert_chain(
                                                                         sslsock->ssl_handle);
  
-                                               if (chain) {
+                                               if (chain && sk_X509_num(chain) > 0) {
                                                         int i;
                                                         array_init(arr);
  
@@ -458,6 +459,8 @@ static inline int php_openssl_enable_crypto(php_stream *stream,
                                                                                         php_openssl_get_x509_list_id()));
                                                                 add_next_index_zval(arr, zcert);
                                                         }
+                                                               efree(zcert);
+
                                                 } else {
                                                         ZVAL_NULL(arr);
                                                 }
@@ -465,6 +468,8 @@ static inline int php_openssl_enable_crypto(php_stream *stream,
                                                 php_stream_context_set_option(stream->context,
                                                                 "ssl", "peer_certificate_chain",
                                                                 arr);
+                                               zval_dtor(arr);
+                                               efree(arr);
                                         }
                                 }
                         }
author	Pierre Joye <pajoye@php.net>
	Fri, 26 May 2006 00:32:07 +0000 (00:32 +0000)
committer	Pierre Joye <pajoye@php.net>
	Fri, 26 May 2006 00:32:07 +0000 (00:32 +0000)
NEWS		patch \| blob \| history
ext/openssl/xp_ssl.c		patch \| blob \| history