Prevent leaking x509 and csr resources if it is not requested

All functions using php_openssl_x509_from_zval or php_openssl_csr_from_zval
with makeresource equal to 0 do not deref the resource which means there
is a leak till the end of the request. This can cause issues for long
running apps. It is a generic solution for bug #75363 which also covers
other functions.

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 41d65533a55f6f0077091c60ea3d4be6997049c5..5fbb55b5df3297b09a090750df1f2de24ccdb3cf 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1587,10 +1587,11 @@ static X509 * php_openssl_x509_from_zval(zval * val, int makeresource, zend_reso
                if (!what) {
                        return NULL;
                }
-               /* this is so callers can decide if they should free the X509 */
                if (resourceval) {
                        *resourceval = res;
-                       Z_ADDREF_P(val);
+                       if (makeresource) {
+                               Z_ADDREF_P(val);
+                       }
                }
                return (X509*)what;
        }
@@ -3047,7 +3048,9 @@ static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_r
                if (what) {
                        if (resourceval) {
                                *resourceval = res;
-                               Z_ADDREF_P(val);
+                               if (makeresource) {
+                                       Z_ADDREF_P(val);
+                               }
                        }
                        return (X509_REQ*)what;
                }