- fix leak on error in mcrypt_create_iv on windows

diff --git a/NEWS b/NEWS
index 6f44506cdea16f9e08492f60be1f4eb58805d885..6da149ee37419265c536d8fbec102a5b3757ba5d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,7 @@ PHP                                                                        NEWS
 - Fixed very rare memory leak in mysqlnd, when binding thousands of columns.
   (Andrey)
 
+- Fixed memory leak on error in mcrypt_create_iv on Windows. (Pierre)
 - Fixed a possible crash because of recursive GC invocation. (Dmitry)
 - Fixed a possible resource destruction issues in shm_put_var()
   Reported by Stefan Esser (Dmitry)

diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index dca8dfffd59c3ca6556574031d24a85c4bfdcdc6..1e73674169b84b4188fa4e3f3c71b40eab15b333 100644 (file)
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -1398,10 +1398,12 @@ PHP_FUNCTION(mcrypt_create_iv)
                        /* It could be done using LoadLibrary but as we rely on 2k+ for 5.3, cleaner to use a clear dependency (Advapi32) and a 
                                standard API call (no f=getAddr..; f();) */
                        if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+                               efree(iv);
                                php_error_docref(NULL TSRMLS_CC, E_ERROR, "Cannot open random device");
                                RETURN_FALSE;
                        }
                        if(!CryptGenRandom(hCryptProv, size,  iv_b)) {
+                               efree(iv);
                                php_error_docref(NULL TSRMLS_CC, E_ERROR, "Could not gather sufficient random data");
                                RETURN_FALSE;
                        }