Commit 35e8cb87cb0 for php.net
commit 35e8cb87cb06e0a77b1751e36ba39bec15dc6471
Author: Nora Dossche <7771979+ndossche@users.noreply.github.com>
Date: Wed Jan 28 18:58:47 2026 +0100
Fix memory leaks when php_openssl_dh_pub_from_priv() fails
Leak report:
```
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7f97cf4cb340 in calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
#1 0x7f97cef66106 in BN_new bn/bn_lib.c:75
#2 0x7f97cef6006c in bn_bin2bn_cbs bn/bn_convert.c:151
#3 0x7f97cef60853 in BN_bin2bn bn/bn_convert.c:206
#4 0x56229112465b in php_openssl_pkey_init_dh_data /work/php-src/ext/openssl/openssl_backend_v1.c:208
#5 0x5622911248be in php_openssl_pkey_init_dh /work/php-src/ext/openssl/openssl_backend_v1.c:246
#6 0x5622910fe1d7 in zif_openssl_pkey_new /work/php-src/ext/openssl/openssl.c:2051
#7 0x562291eb44e5 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
#8 0x5622921dc85a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
#9 0x56229233cfa5 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
#10 0x562292351ec0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
#11 0x5622924b60cc in zend_execute_script /work/php-src/Zend/zend.c:1980
#12 0x562291ee8ecb in php_execute_script_ex /work/php-src/main/main.c:2645
#13 0x562291ee92db in php_execute_script /work/php-src/main/main.c:2685
#14 0x5622924bbc37 in do_cli /work/php-src/sapi/cli/php_cli.c:951
#15 0x5622924be204 in main /work/php-src/sapi/cli/php_cli.c:1362
#16 0x7f97ceb301c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#17 0x7f97ceb3028a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
#18 0x562291009db4 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609db4) (BuildId: 5cc444a6a9fc1a486ea698e72366c16bd5472605)
... etc ...
```
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 7bd2748c0ae..b10bd561ff5 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4275,7 +4275,12 @@ static bool php_openssl_pkey_init_legacy_dh(DH *dh, zval *data, bool *is_private
OPENSSL_PKEY_SET_BN(data, p);
OPENSSL_PKEY_SET_BN(data, q);
OPENSSL_PKEY_SET_BN(data, g);
- if (!p || !g || !DH_set0_pqg(dh, p, q, g)) {
+ if (!p || !q) {
+ BN_free(p);
+ return 0;
+ }
+
+ if (!DH_set0_pqg(dh, p, q, g)) {
return 0;
}
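Review bot: The new guard `if (!p || !q)` tests `q` where the removed line tested `g`, so a missing `g` is no longer rejected here and parameter sets without `q` (which the old code passed through unchecked) are now refused. It also frees only `p`, so `q` and `g` leak whenever they were set. The `DH_set0_pqg()` failure branch right after still returns without freeing anything, although the set0 call takes ownership only on success. Keeping the original condition and releasing all three on failure covers both paths: `if (!p || !g || !DH_set0_pqg(dh, p, q, g)) {` followed by `BN_free(p); BN_free(q); BN_free(g);` before `return 0;` (`BN_free(NULL)` is a no-op). The function body starts and continues outside this hunk, and `OPENSSL_PKEY_SET_BN` is not visible, so this assumes it leaves the variable NULL when the key is absent.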
@@ -4288,6 +4293,10 @@ static bool php_openssl_pkey_init_legacy_dh(DH *dh, zval *data, bool *is_private
if (priv_key) {
pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p);
if (pub_key == NULL) {
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ BN_free(priv_key);
return 0;
}
return DH_set0_key(dh, pub_key, priv_key);
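Review bot: The added `BN_free(p); BN_free(q); BN_free(g);` in the `pub_key == NULL` branch release BIGNUMs that `dh` already owns. This branch is reached only after `DH_set0_pqg(dh, p, q, g)` succeeded in the previous hunk, and a successful set0 call transfers ownership to `dh`. The cleanup of `dh` happens outside this hunk (presumably in the caller on the `return 0` path), and it would free the same three values a second time, turning a leak into a double free on input that comes from the user-supplied key array. Only `priv_key` is still caller-owned at this point, so the branch should be reduced to `BN_free(priv_key);` before `return 0;`. Separately, if `DH_set0_key()` on the last line fails, `pub_key` and `priv_key` are not released either.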