From 33b1fbbb5c0459a623ab91b492f1a37c5262329c Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 31 Jan 2016 20:18:46 -0800
Subject: [PATCH] Fixed bug #71475: openssl_seal() uninitialized memory usage

---
 ext/openssl/openssl.c           |  3 ++-
 ext/openssl/tests/bug71475.phpt | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 ext/openssl/tests/bug71475.phpt

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index a8ecbb2327..75c44a3918 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4938,6 +4938,7 @@ PHP_FUNCTION(openssl_seal)
 	memset(eks, 0, sizeof(*eks) * nkeys);
 	key_resources = safe_emalloc(nkeys, sizeof(zend_resource*), 0);
 	memset(key_resources, 0, sizeof(zend_resource*) * nkeys);
+	memset(pkeys, 0, sizeof(*pkeys) * nkeys);
 
 	/* get the public keys we are using to seal this data */
 	i = 0;
@@ -4999,7 +5000,7 @@ PHP_FUNCTION(openssl_seal)
 
 clean_exit:
 	for (i=0; i<nkeys; i++) {
-		if (key_resources[i] == NULL) {
+		if (key_resources[i] == NULL && pkeys[i] != NULL) {
 			EVP_PKEY_free(pkeys[i]);
 		}
 		if (eks[i]) {
diff --git a/ext/openssl/tests/bug71475.phpt b/ext/openssl/tests/bug71475.phpt
new file mode 100644
index 0000000000..680753d7ad
--- /dev/null
+++ b/ext/openssl/tests/bug71475.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #71475: openssl_seal() uninitialized memory usage
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+?>
+--FILE--
+<?php
+$_ = str_repeat("A", 512);
+openssl_seal($_, $_, $_, array_fill(0,64,0));
+?>
+DONE
+--EXPECTF--
+
+Warning: openssl_seal(): not a public key (1th member of pubkeys) in %s/bug71475.php on line %d
+DONE
\ No newline at end of file
-- 
2.40.0