From a8d0e14541b264ac93ea454f8f22c0a5306359e3 Mon Sep 17 00:00:00 2001 
From: Niels Dossche <7771979+ndossche@users.noreply.github.com> Date: Wed, 28 Jan 2026 18:58:47 +0100 Subject: [PATCH 1/2] Fix memory leaks when php_openssl_dh_pub_from_priv() fails Leak report: ``` Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f97cf4cb340 in calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77 #1 0x7f97cef66106 in BN_new bn/bn_lib.c:75 #2 0x7f97cef6006c in bn_bin2bn_cbs bn/bn_convert.c:151 #3 0x7f97cef60853 in BN_bin2bn bn/bn_convert.c:206 #4 0x56229112465b in php_openssl_pkey_init_dh_data /work/php-src/ext/openssl/openssl_backend_v1.c:208 #5 0x5622911248be in php_openssl_pkey_init_dh /work/php-src/ext/openssl/openssl_backend_v1.c:246 #6 0x5622910fe1d7 in zif_openssl_pkey_new /work/php-src/ext/openssl/openssl.c:2051 #7 0x562291eb44e5 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306 #8 0x5622921dc85a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154 #9 0x56229233cfa5 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519 #10 0x562292351ec0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962 #11 0x5622924b60cc in zend_execute_script /work/php-src/Zend/zend.c:1980 #12 0x562291ee8ecb in php_execute_script_ex /work/php-src/main/main.c:2645 #13 0x562291ee92db in php_execute_script /work/php-src/main/main.c:2685 #14 0x5622924bbc37 in do_cli /work/php-src/sapi/cli/php_cli.c:951 #15 0x5622924be204 in main /work/php-src/sapi/cli/php_cli.c:1362 #16 0x7f97ceb301c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e) #17 0x7f97ceb3028a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e) #18 0x562291009db4 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609db4) (BuildId: 5cc444a6a9fc1a486ea698e72366c16bd5472605) ... etc ... ``` --- ext/openssl/openssl.c | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 12383ac8c2c8..0c8974b7e0b1 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4269,6 +4269,10 @@ static bool php_openssl_pkey_init_legacy_dh(DH *dh, zval *data, bool *is_private
 if (priv_key) {
 pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p);
 if (pub_key == NULL) {
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ BN_free(priv_key);
 return 0;
 }
 return DH_set0_key(dh, pub_key, priv_key);
From 8bb134a952cfadd78074a4305e0dad3c8b313fb5 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+ndossche@users.noreply.github.com> Date: Fri, 30 Jan 2026 12:28:47 +0100 Subject: [PATCH 2/2] Fix extra leak
---
 ext/openssl/openssl.c | 7 ++++++-
 main/php_version.h | 6 +++---
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 0c8974b7e0b1..6902c625d039 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4256,7 +4256,12 @@ static bool php_openssl_pkey_init_legacy_dh(DH *dh, zval *data, bool *is_private
 OPENSSL_PKEY_SET_BN(data, p);
 OPENSSL_PKEY_SET_BN(data, q);
 OPENSSL_PKEY_SET_BN(data, g);
- if (!p || !g || !DH_set0_pqg(dh, p, q, g)) {
+ if (!p || !q) {
+ BN_free(p);
+ return 0;
+ }
+
+ if (!DH_set0_pqg(dh, p, q, g)) {
 return 0;
 }
diff --git a/main/php_version.h b/main/php_version.h
index a508f5375c46..a6084939e04e 100644
--- a/main/php_version.h
+++ b/main/php_version.h
@@ -2,7 +2,7 @@
 /* edit configure.ac to change version number */
 #define PHP_MAJOR_VERSION 8
 #define PHP_MINOR_VERSION 4
-#define PHP_RELEASE_VERSION 18
+#define PHP_RELEASE_VERSION 19
 #define PHP_EXTRA_VERSION "-dev"
-#define PHP_VERSION "8.4.18-dev"
-#define PHP_VERSION_ID 80418
+#define PHP_VERSION "8.4.19-dev"
+#define PHP_VERSION_ID 80419
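Review bot: The added `BN_free(p)`, `BN_free(q)` and `BN_free(g)` in the `pub_key == NULL` branch release values that `dh` probably already owns, because the `DH_set0_pqg(dh, p, q, g)` guard shown in the second patch's hunk at line 4256 of the same function returns early unless that call succeeded, and the OpenSSL set0 setters hand ownership of their arguments to the DH object. If the caller releases `dh` after this function returns 0, which is not visible on this page, those three BIGNUMs would be freed a second time, turning a leak fix into a double free. Only `priv_key` is still unowned at this point, since `DH_set0_key()` has not run yet, so the branch should contain just `BN_free(priv_key);` before `return 0;`. The function body starts and ends outside the hunk, so the lines between the two hunks should be checked for any other path that reaches this branch.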
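Review bot: The new guard `if (!p || !q)` tests `q` where the removed line tested `g`, which makes the previously optional `q` mandatory and lets a NULL `g` through to `DH_set0_pqg()`. The branch frees only `p`, so a non-NULL `q` or `g` still leaks when it is taken, and the separate `DH_set0_pqg()` failure path below it frees nothing at all. As far as I know that call takes no ownership when it returns 0, so restoring the original condition and freeing all three values on the single failure path would cover every case; the patch already relies on `BN_free()` accepting NULL. The function body starts and ends outside the hunk.
```c
/* … unchanged: OPENSSL_PKEY_SET_BN(data, p / q / g) … */
if (!p || !g || !DH_set0_pqg(dh, p, q, g)) {
	BN_free(p);
	BN_free(q);
	BN_free(g);
	return 0;
}
```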