Fix potential leaks when writing to BIO fails

nielsdos · nielsdos · commit 29f96fb1f19a · 2025-04-11T21:02:37.000+02:00
When the BIO is created but writing fails, these can leak. Closes GH-18186.
diff --git a/NEWS b/NEWS
@@ -18,6 +18,7 @@ PHP                                                                        NEWS
 - OpenSSL:
   . Fix memory leak in openssl_sign() when passing invalid algorithm.
     (nielsdos)
+  . Fix potential leaks when writing to BIO fails. (nielsdos)
 
 - Standard:
   . Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()).
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -5742,8 +5742,8 @@ PHP_FUNCTION(openssl_pkcs7_read)
 				BIO_get_mem_ptr(bio_out, &bio_buf);
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
-				BIO_free(bio_out);
 			}
+			BIO_free(bio_out);
 		}
 	}
 
@@ -5757,8 +5757,8 @@ PHP_FUNCTION(openssl_pkcs7_read)
 				BIO_get_mem_ptr(bio_out, &bio_buf);
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
-				BIO_free(bio_out);
 			}
+			BIO_free(bio_out);
 		}
 	}
 
@@ -6383,8 +6383,8 @@ PHP_FUNCTION(openssl_cms_read)
 				BIO_get_mem_ptr(bio_out, &bio_buf);
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
-				BIO_free(bio_out);
 			}
+			BIO_free(bio_out);
 		}
 	}
 
@@ -6398,8 +6398,8 @@ PHP_FUNCTION(openssl_cms_read)
 				BIO_get_mem_ptr(bio_out, &bio_buf);
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
-				BIO_free(bio_out);
 			}
+			BIO_free(bio_out);
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -5742,8 +5742,8 @@ PHP_FUNCTION(openssl_pkcs7_read)`
`5742`	`5742`	`BIO_get_mem_ptr(bio_out, &bio_buf);`
`5743`	`5743`	`ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);`
`5744`	`5744`	`add_index_zval(zout, i, &zcert);`
`5745`		`- BIO_free(bio_out);`
`5746`	`5745`	`}`
	`5746`	`+ BIO_free(bio_out);`
`5747`	`5747`	`}`
`5748`	`5748`	`}`
`5749`	`5749`
`@@ -5757,8 +5757,8 @@ PHP_FUNCTION(openssl_pkcs7_read)`
`5757`	`5757`	`BIO_get_mem_ptr(bio_out, &bio_buf);`
`5758`	`5758`	`ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);`
`5759`	`5759`	`add_index_zval(zout, i, &zcert);`
`5760`		`- BIO_free(bio_out);`
`5761`	`5760`	`}`
	`5761`	`+ BIO_free(bio_out);`
`5762`	`5762`	`}`
`5763`	`5763`	`}`
`5764`	`5764`
`@@ -6383,8 +6383,8 @@ PHP_FUNCTION(openssl_cms_read)`
`6383`	`6383`	`BIO_get_mem_ptr(bio_out, &bio_buf);`
`6384`	`6384`	`ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);`
`6385`	`6385`	`add_index_zval(zout, i, &zcert);`
`6386`		`- BIO_free(bio_out);`
`6387`	`6386`	`}`
	`6387`	`+ BIO_free(bio_out);`
`6388`	`6388`	`}`
`6389`	`6389`	`}`
`6390`	`6390`
`@@ -6398,8 +6398,8 @@ PHP_FUNCTION(openssl_cms_read)`
`6398`	`6398`	`BIO_get_mem_ptr(bio_out, &bio_buf);`
`6399`	`6399`	`ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);`
`6400`	`6400`	`add_index_zval(zout, i, &zcert);`
`6401`		`- BIO_free(bio_out);`
`6402`	`6401`	`}`
	`6402`	`+ BIO_free(bio_out);`
`6403`	`6403`	`}`
`6404`	`6404`	`}`
`6405`	`6405`