Skip to content

openssl_csr_sign might leak new cert on error #12987

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bukka opened this issue Dec 20, 2023 · 0 comments
Closed

openssl_csr_sign might leak new cert on error #12987

bukka opened this issue Dec 20, 2023 · 0 comments
Labels
Bug Extension: openssl

Comments

@bukka
Copy link
Member

bukka commented Dec 20, 2023

Description

The new_cert variable in openssl_csr_sign implementation is not correctly freed if there is an error. It should be always checked in the clean if not used (set to the new object) and if so, then freed.

PHP Version

PHP 8.2+

Operating System

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Extension: openssl
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bukka