Commit c36c50e5936 for php.net
commit c36c50e593654eb867690f80a0547c37463a24db
Merge: 383ff8c63f3 786356db160
Author: Gina Peter Banyard <girgias@php.net>
Date: Mon Apr 20 17:02:13 2026 +0100
Merge branch 'PHP-8.5'
* PHP-8.5:
Update NEWS for recent bug fixes
ext/phar: Fix memory leak in phar_verify_signature() when md_ctx is invalid
phar: propagate phar_stream_flush return value from phar_stream_close
phar: call phar_entry_delref before goto finish in phar_add_file error paths
phar: free is_temp_dir entry before rejecting .phar/* paths in offsetGet
phar: fix NULL dereference in Phar::webPhar() when SCRIPT_NAME is absent
phar: restore is_link handler in phar_intercept_functions_shutdown
diff --cc ext/phar/phar_object.c
index 0af02748407,cc94539bd24..377f3583291
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@@ -638,7 -646,12 +638,10 @@@ PHP_METHOD(Phar, webPhar
pt = estrndup(Z_STRVAL_P(z_script_name), Z_STRLEN_P(z_script_name));
} else {
- char *testit;
-
- testit = sapi_getenv("SCRIPT_NAME", sizeof("SCRIPT_NAME")-1);
+ char *testit = sapi_getenv("SCRIPT_NAME", sizeof("SCRIPT_NAME")-1);
+ if (!testit) {
+ goto finish;
+ }
if (!(pt = strstr(testit, basename))) {
efree(testit);
goto finish;
@@@ -3510,9 -3590,14 +3513,14 @@@ PHP_METHOD(Phar, offsetGet
PHAR_ARCHIVE_OBJECT();
/* security is 0 here so that we can get a better error message than "entry doesn't exist" */
- if (!(entry = phar_get_entry_info_dir(phar_obj->archive, ZSTR_VAL(file_name), ZSTR_LEN(file_name), 1, &error, 0))) {
+ if (!(entry = phar_get_entry_info_dir(phar_obj->archive, ZSTR_VAL(file_name), ZSTR_LEN(file_name), 1, &error, false))) {
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Entry %s does not exist%s%s", ZSTR_VAL(file_name), error?", ":"", error?error:"");
} else {
+ if (entry->is_temp_dir) {
+ zend_string_efree(entry->filename);
+ efree(entry);
+ }
+
if (zend_string_equals_literal(file_name, ".phar/stub.php")) {
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Cannot get stub \".phar/stub.php\" directly in phar \"%s\", use getStub", phar_obj->archive->fname);
RETURN_THROWS();
diff --cc ext/phar/util.c
index bbfcde8d868,69f1aa9e6d9..e0f4dc3da6c
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@@ -1576,8 -1609,9 +1576,9 @@@ zend_result phar_verify_signature(php_s
if (md_ctx) {
EVP_MD_CTX_destroy(md_ctx);
}
+ EVP_PKEY_free(key);
if (error) {
- spprintf(error, 0, "openssl signature could not be verified");
+ *error = estrdup("openssl signature could not be verified");
}
return FAILURE;
}