fix bug #73275 - crash in openssl_encrypt function

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 844132b2ccb3b2861f39a4e1a595e0620160e498..33593e729e391c442c715262975136d1d83892c7 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -5260,7 +5260,7 @@ PHP_FUNCTION(openssl_encrypt)
        free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC);
 
        outlen = data_len + EVP_CIPHER_block_size(cipher_type);
-       outbuf = emalloc(outlen + 1);
+       outbuf = safe_emalloc(outlen, 1, 1);
 
        EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
        if (password_len > keylen) {
@@ -5278,14 +5278,18 @@ PHP_FUNCTION(openssl_encrypt)
                outlen += i;
                if (options & OPENSSL_RAW_DATA) {
                        outbuf[outlen] = '\0';
-                       RETVAL_STRINGL((char *)outbuf, outlen, 0);
+                       RETVAL_STRINGL_CHECK((char *)outbuf, outlen, 0);
                } else {
                        int base64_str_len;
                        char *base64_str;
 
                        base64_str = (char*)php_base64_encode(outbuf, outlen, &base64_str_len);
                        efree(outbuf);
-                       RETVAL_STRINGL(base64_str, base64_str_len, 0);
+                       if (!base64_str) {
+                               RETVAL_FALSE;
+                       } else {
+                               RETVAL_STRINGL(base64_str, base64_str_len, 0);
+                       }
                }
        } else {
                efree(outbuf);