Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit f5a3a64

Browse files
authored
ext/phar: Fix memory leaks when verifying OpenSSL signature (#19563)
1 parent d74901a commit f5a3a64

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

‎ext/phar/util.c‎

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1903,6 +1903,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
19031903

19041904
if (!EVP_SignInit(md_ctx, mdtype)) {
19051905
EVP_PKEY_free(key);
1906+
EVP_MD_CTX_free(md_ctx);
19061907
efree(sigbuf);
19071908
if (error) {
19081909
spprintf(error, 0, "unable to initialize openssl signature for phar \"%s\"", phar->fname);
@@ -1913,6 +1914,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
19131914
while ((sig_len = php_stream_read(fp, (char*)buf, sizeof(buf))) > 0) {
19141915
if (!EVP_SignUpdate(md_ctx, buf, sig_len)) {
19151916
EVP_PKEY_free(key);
1917+
EVP_MD_CTX_free(md_ctx);
19161918
efree(sigbuf);
19171919
if (error) {
19181920
spprintf(error, 0, "unable to update the openssl signature for phar \"%s\"", phar->fname);
@@ -1923,6 +1925,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
19231925

19241926
if (!EVP_SignFinal (md_ctx, sigbuf, &siglen, key)) {
19251927
EVP_PKEY_free(key);
1928+
EVP_MD_CTX_free(md_ctx);
19261929
efree(sigbuf);
19271930
if (error) {
19281931
spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
@@ -1932,7 +1935,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
19321935

19331936
sigbuf[siglen] = '0円';
19341937
EVP_PKEY_free(key);
1935-
EVP_MD_CTX_destroy(md_ctx);
1938+
EVP_MD_CTX_free(md_ctx);
19361939
#else
19371940
size_t siglen;
19381941
sigbuf = NULL;

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /