Fix #66942: openssl_seal() memory leak

Fix #66952: memory leak in openssl_open()

diff --git a/NEWS b/NEWS
index 2d98de7fa0ca4847e04559777da1b97edc5a4625..6caf4c41d77d5befa0c63357229a68f89c4996f7 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,10 @@ PHP                                                                        NEWS
 - LDAP:
   . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
 
+- OpenSSL:
+  . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
+  . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
+
 - SimpleXML:
   . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
     (Anatol)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 88ad2ef129373225493399684c349b298efaf600..257681f045f3ef58d737ec1570a28f1ebb3a2017 100755 (executable)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4321,6 +4321,7 @@ PHP_FUNCTION(openssl_seal)
 
        if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) {
                RETVAL_FALSE;
+               EVP_CIPHER_CTX_cleanup(&ctx);
                goto clean_exit;
        }
 
@@ -4331,10 +4332,12 @@ PHP_FUNCTION(openssl_seal)
 #endif
        /* allocate one byte extra to make room for \0 */
        buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
+       EVP_CIPHER_CTX_cleanup(&ctx);
 
        if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
                RETVAL_FALSE;
                efree(buf);
+               EVP_CIPHER_CTX_cleanup(&ctx);
                goto clean_exit;
        }
 
@@ -4367,6 +4370,7 @@ PHP_FUNCTION(openssl_seal)
                efree(buf);
        }
        RETVAL_LONG(len1 + len2);
+       EVP_CIPHER_CTX_cleanup(&ctx);
 
 clean_exit:
        for (i=0; i<nkeys; i++) {
@@ -4425,25 +4429,21 @@ PHP_FUNCTION(openssl_open)
        if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
                if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
                        efree(buf);
-                       if (keyresource == -1) {
-                               EVP_PKEY_free(pkey);
-                       }
-                       RETURN_FALSE;
+                       RETVAL_FALSE;
+               } else {
+                       zval_dtor(opendata);
+                       buf[len1 + len2] = '\0';
+                       ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
+                       RETVAL_TRUE;
                }
        } else {
                efree(buf);
-               if (keyresource == -1) {
-                       EVP_PKEY_free(pkey);
-               }
-               RETURN_FALSE;
+               RETVAL_FALSE;
        }
        if (keyresource == -1) {
                EVP_PKEY_free(pkey);
        }
-       zval_dtor(opendata);
-       buf[len1 + len2] = '\0';
-       ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
-       RETURN_TRUE;
+       EVP_CIPHER_CTX_cleanup(&ctx);
 }
 /* }}} */