Commit c2eadb49229 for php.net

commit c2eadb4922979d0c9074a0f139bbb3a89b32898b
Author: Niels Dossche <7771979+ndossche@users.noreply.github.com>
Date:   Thu Jan 22 22:16:02 2026 +0100

    Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails

    The X509_NAME_oneline() function can return NULL,
    which will cause a crash when the string length is computed via add_assoc_string().

    Closes GH-21011.

diff --git a/NEWS b/NEWS
index 89d5bc0f884..ecc0aaee316 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,8 @@ PHP                                                                        NEWS

 - OpenSSL:
   . Fix memory leaks when sk_X509_new_null() fails. (ndossche)
+  . Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
+    (ndossche)

 - Phar:
   . Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 2a502f20688..415974f2fa7 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2166,6 +2166,12 @@ PHP_FUNCTION(openssl_x509_parse)
 	}

 	str_serial = i2s_ASN1_INTEGER(NULL, asn1_serial);
+	/* Can return NULL on error or memory allocation failure */
+	if (!str_serial) {
+		php_openssl_store_errors();
+		goto err;
+	}
+
 	add_assoc_string(return_value, "serialNumber", str_serial);
 	OPENSSL_free(str_serial);