From: Leigh <leigh@php.net>
Date: Fri, 6 Jan 2017 14:58:54 +0000 (+0000)
Subject: Fix memleaks from #1755 and some pre-existing ones
X-Git-Tag: php-7.1.2RC1~135^2^2~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=053b966134dec5bdde30da92b581be0f523c4c6b;p=php

Fix memleaks from #1755 and some pre-existing ones
---

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 6d3f9ef4bb..5de4869908 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -703,6 +703,8 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s
 				add_assoc_stringl(&subitem, sname, (char *)to_add, to_add_len);
 			}
 		}
+
+		OPENSSL_free(to_add);
 	}
 	if (key != NULL) {
 		zend_hash_str_update(Z_ARRVAL_P(val), key, strlen(key), &subitem);
@@ -2004,7 +2006,10 @@ PHP_FUNCTION(openssl_x509_parse)
 	char *extname;
 	BIO *bio_out;
 	BUF_MEM *bio_buf;
-	char * hexserial;
+	ASN1_INTEGER *asn1_serial;
+	BIGNUM *bn_serial;
+	char *str_serial;
+	char *hex_serial;
 	char buf[256];
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|b", &zcert, &useshortnames) == FAILURE) {
@@ -2032,19 +2037,28 @@ PHP_FUNCTION(openssl_x509_parse)
 	add_assoc_name_entry(return_value, "issuer", 		X509_get_issuer_name(cert), useshortnames);
 	add_assoc_long(return_value, "version", 			X509_get_version(cert));
 
-	add_assoc_string(return_value, "serialNumber", i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)));
+	asn1_serial = X509_get_serialNumber(cert);
 
-	/* Return the hex representation of the serial number, as defined by OpenSSL */
-	hexserial = BN_bn2hex(ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), NULL));
+	bn_serial = ASN1_INTEGER_to_BN(asn1_serial, NULL);
+	/* Can return NULL on error or memory allocation failure */
+	if (!bn_serial) {
+		RETURN_FALSE;
+	}
 
-	/* If we received null back from BN_bn2hex, there was a critical error in openssl,
-	 * and we should not continue.
-	 */
-	if (!hexserial) {
+	hex_serial = BN_bn2hex(bn_serial);
+	BN_free(bn_serial);
+	/* Can return NULL on error or memory allocation failure */
+	if (!hex_serial) {
 		RETURN_FALSE;
 	}
-	add_assoc_string(return_value, "serialNumberHex", hexserial); 
-	OPENSSL_free(hexserial);
+
+	str_serial = i2s_ASN1_INTEGER(NULL, asn1_serial);
+	add_assoc_string(return_value, "serialNumber", str_serial);
+	OPENSSL_free(str_serial);
+
+	/* Return the hex representation of the serial number, as defined by OpenSSL */
+	add_assoc_string(return_value, "serialNumberHex", hex_serial);
+	OPENSSL_free(hex_serial);
 
 	add_assoc_asn1_string(return_value, "validFrom", 	X509_get_notBefore(cert));
 	add_assoc_asn1_string(return_value, "validTo", 		X509_get_notAfter(cert));