From: Pierre Joye
Date: Sun, 30 Jul 2006 16:27:03 +0000 (+0000)
Subject: - MFB: #38261, openssl_x509_parse leaks with invalid certs
X-Git-Tag: RELEASE_1_0_0RC1~2166
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=30901dc4cd6fdf881e82878387684991a59ad75d;p=php

- MFB: #38261, openssl_x509_parse leaks with invalid certs
---

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 656d7e330b..993023ba9b 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -770,6 +770,11 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * r
 return NULL;
 }
+
+ if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) {
+ return NULL;
+ }
+
 /* force it to be a string and check if it refers to a file */
 convert_to_string_ex(val);
diff --git a/ext/openssl/tests/bug38261.phpt b/ext/openssl/tests/bug38261.phpt
new file mode 100644
index 0000000000..e7d806083e
--- /dev/null
+++ b/ext/openssl/tests/bug38261.phpt
@@ -0,0 +1,34 @@
+--TEST--
+openssl key from zval leaks
+--SKIPIF--
+
+--FILE--
+
+--EXPECTF--
+bool(false)
+bool(false)
+bool(false)
+
+Warning: openssl_x509_parse() expects at least 1 parameter, 0 given in %s/bug38261.php on line %d
+NULL
+bool(false)
+
+Catchable fatal error: Object of class stdClass could not be converted to string in %s/bug38261.php on line %d
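Review bot: The new type guard in php_openssl_x509_from_zval lets IS_OBJECT through to convert_to_string_ex() without saying why, and the expected output in bug38261.phpt shows a stdClass argument ending in a catchable fatal error rather than the `bool(false)` the other cases in that output produce. If objects are accepted only for their string conversion, say so above the check, e.g. `/* only strings and string-convertible objects can name a certificate; everything else is rejected before conversion */`, so callers know that an object without a string form aborts the script instead of failing softly. The condition would also read more directly as `if (Z_TYPE_PP(val) != IS_STRING && Z_TYPE_PP(val) != IS_OBJECT) {`. The function body starts and ends outside the hunk, so whether callers report the silent NULL return to the user cannot be confirmed from here.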