authorStanislav Malyshev <stas@php.net>2014-04-14 13:35:00 -0700
committerStanislav Malyshev <stas@php.net>2014-04-14 13:35:24 -0700
commit8bc82718aecf60696d2d0a9517403f8a282e3573 (patch)
tree8717a2312856a4b2ed2edf5ea1df0c6fe5042f42
parent22acea99ff3456abf316e838bfdabe37628e36f8 (diff)
parenta186312832207437e4783024dcdece5232ac6c39 (diff)
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix #66942: openssl_seal() memory leak
  ws fix

Conflicts:
  ext/openssl/openssl.c
-rw-r--r--NEWS7
-rwxr-xr-xext/openssl/openssl.c24
-rw-r--r--ext/session/mod_files.c24
3 files changed, 31 insertions, 24 deletions
diff --git a/NEWS b/NEWS
index f571b560ee..0c155d85e8 100644
--- a/NEWS
+++ b/NEWS
@@ -35,10 +35,17 @@ PHP NEWS
. Fixed bug #66021 (Blank line inside empty array/object when
JSON_PRETTY_PRINT is set). (Kevin Israel)
+- LDAP:
+ . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
+
- mysqli:
. Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter
(extra comma) and third parameters (lack of escaping). (Andrey)
+- OpenSSL:
+ . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
+ . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
+
- SimpleXML:
. Fixed bug #66084 (simplexml_load_string() mangles empty node name)
(Anatol)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index e887ca7697..b2b8c0e56e 100755
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4384,6 +4384,7 @@ PHP_FUNCTION(openssl_seal)
if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) {
RETVAL_FALSE;
+ EVP_CIPHER_CTX_cleanup(&ctx);
goto clean_exit;
}
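Review bot: The context cleanup is added once per exit path rather than in one place: here, again on the `EVP_SealInit` failure path in the next hunk, and once more just above `clean_exit:` in the hunk after that. Because that last call sits above the label and not below it, any `goto clean_exit` added later, after the context has been set up, will bring the leak back. If ctx were put into a known state with `EVP_CIPHER_CTX_init(&ctx);` at the top of the function, a single `EVP_CIPHER_CTX_cleanup(&ctx);` placed after the label would cover every path. The start of `openssl_seal` and its earlier `goto clean_exit` sites are outside these hunks, so whether any of them is reached before ctx is set up cannot be confirmed from here.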
@@ -4394,10 +4395,12 @@ PHP_FUNCTION(openssl_seal)
#endif
/* allocate one byte extra to make room for \0 */
buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
+ EVP_CIPHER_CTX_cleanup(&ctx);
if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
RETVAL_FALSE;
efree(buf);
+ EVP_CIPHER_CTX_cleanup(&ctx);
goto clean_exit;
}
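Review bot: The `EVP_CIPHER_CTX_cleanup(&ctx);` added between the `emalloc` and the `EVP_SealInit` call has no comment, and to a later reader it looks like a misplaced line that is safe to delete. Presumably the context set up by `EVP_EncryptInit` is needed only for the `EVP_CIPHER_CTX_block_size` query and has to be released before `EVP_SealInit` sets it up again, which is where the reported leak would come from. A comment above the call would protect it, for example `/* ctx was only needed to query the block size; release it before EVP_SealInit() initialises it again */`.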
@@ -4430,6 +4433,7 @@ PHP_FUNCTION(openssl_seal)
efree(buf);
}
RETVAL_LONG(len1 + len2);
+ EVP_CIPHER_CTX_cleanup(&ctx);
clean_exit:
for (i=0; i<nkeys; i++) {
@@ -4488,25 +4492,21 @@ PHP_FUNCTION(openssl_open)
if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
efree(buf);
- if (keyresource == -1) {
- EVP_PKEY_free(pkey);
- }
- RETURN_FALSE;
+ RETVAL_FALSE;
+ } else {
+ zval_dtor(opendata);
+ buf[len1 + len2] = '\0';
+ ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
+ RETVAL_TRUE;
}
} else {
efree(buf);
- if (keyresource == -1) {
- EVP_PKEY_free(pkey);
- }
- RETURN_FALSE;
+ RETVAL_FALSE;
}
if (keyresource == -1) {
EVP_PKEY_free(pkey);
}
- zval_dtor(opendata);
- buf[len1 + len2] = '\0';
- ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
- RETURN_TRUE;
+ EVP_CIPHER_CTX_cleanup(&ctx);
}
/* }}} */
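Review bot: The `EVP_CIPHER_CTX_cleanup(&ctx);` added at the end of the function now also runs on the branch where `EVP_OpenInit` reported failure, so it is only safe if ctx is always in an initialised state by then. The declaration of ctx and everything before the `EVP_OpenInit` call lie outside the hunk, so this cannot be confirmed from here. An explicit `EVP_CIPHER_CTX_init(&ctx);` before the outer `if` would make the shared exit path independent of how far `EVP_OpenInit` got. A short comment above the final `if (keyresource == -1)` block, such as `/* common exit: release key and cipher context for both outcomes */`, would also record that the early `RETURN_FALSE` exits were removed on purpose.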
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 76f5d4c7c6..e435246eb9 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -136,27 +136,27 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
data->lastkey = estrdup(key);
- /* O_NOFOLLOW to prevent us from following evil symlinks */
+ /* O_NOFOLLOW to prevent us from following evil symlinks */
#ifdef O_NOFOLLOW
- data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode);
+ data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode);
#else
- /* Check to make sure that the opened file is not outside of allowable dirs.
- This is not 100% safe but it's hard to do something better without O_NOFOLLOW */
- if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
- return;
- }
- data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode);
+ /* Check to make sure that the opened file is not outside of allowable dirs.
+ This is not 100% safe but it's hard to do something better without O_NOFOLLOW */
+ if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
+ return;
+ }
+ data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode);
#endif
if (data->fd != -1) {
#ifndef PHP_WIN32
- /* check that this session file was created by us or root – we
- don't want to end up accepting the sessions of another webapp */
- if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) {
+ /* check that this session file was created by us or root – we
+ don't want to end up accepting the sessions of another webapp */
+ if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) {
close(data->fd);
data->fd = -1;
return;
- }
+ }
#endif
flock(data->fd, LOCK_EX);