From: Jakub Zelenka <bukka@php.net>
Date: Sun, 30 Oct 2016 18:58:11 +0000 (+0000)
Subject: Fix EC_KEY memory leaks
X-Git-Tag: php-7.1.0RC6~43
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=72659f95975a2587b7f180c3812fec61518e3cd2;p=php

Fix EC_KEY memory leaks

It was caused by using of EVP_PKEY_get1_EC_KEY which increments an EC_KEY
reference. The fix it we simply use EVP_PKEY_get0_EC_KEY.
---

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index ab58f47d0f..ce9a5019d0 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4370,7 +4370,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
 		switch (EVP_PKEY_base_id(key)) {
 #ifdef HAVE_EVP_PKEY_EC
 			case EVP_PKEY_EC:
-				pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
+				pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get0_EC_KEY(key), cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
 				break;
 #endif
 			default:
@@ -4444,7 +4444,7 @@ PHP_FUNCTION(openssl_pkey_export)
 		switch (EVP_PKEY_base_id(key)) {
 #ifdef HAVE_EVP_PKEY_EC
 			case EVP_PKEY_EC:
-				pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
+				pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get0_EC_KEY(key), cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
 				break;
 #endif
 			default:
@@ -4656,7 +4656,7 @@ PHP_FUNCTION(openssl_pkey_get_details)
 				ASN1_OBJECT *obj;
 				// openssl recommends a buffer length of 80
 				char oir_buf[80];
-				const EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pkey);
+				const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
 				BIGNUM *x = BN_new();
 				BIGNUM *y = BN_new();
 				const BIGNUM *d;