Merge branch 'PHP-8.4'

cmb69 · cmb69 · commit 40052b3461ef · 2024-10-12T16:08:16.000+02:00
* PHP-8.4: Fix GH-16357: openssl may modify member types of certificate arrays
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -1524,11 +1524,13 @@ static X509 *php_openssl_x509_from_zval(
 
 	*free_cert = 1;
 
-	if (!try_convert_to_string(val)) {
+	zend_string *str = zval_try_get_string(val);
+	if (str == NULL) {
 		return NULL;
 	}
-
-	return php_openssl_x509_from_str(Z_STR_P(val), arg_num, is_from_array, option_name);
+	X509 *cert = php_openssl_x509_from_str(str, arg_num, is_from_array, option_name);
+	zend_string_release(str);
+	return cert;
 }
 /* }}} */
 
diff --git a/ext/openssl/tests/gh16357.phpt b/ext/openssl/tests/gh16357.phpt
@@ -0,0 +1,22 @@
+--TEST--
+GH-16357 (openssl may modify member types of certificate arrays)
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+$infile = __DIR__ . "/cert.crt";
+$outfile = __DIR__ . "/gh16357.txt";
+$certs = [123];
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, $certs, null));
+var_dump($certs);
+?>
+--CLEAN--
+<?php
+unlink(__DIR__ . "/gh16357.txt");
+?>
+--EXPECT--
+bool(false)
+array(1) {
+  [0]=>
+  int(123)
+}

Original file line number	Diff line number	Diff line change
`@@ -1524,11 +1524,13 @@ static X509 *php_openssl_x509_from_zval(`
`1524`	`1524`
`1525`	`1525`	`*free_cert = 1;`
`1526`	`1526`
`1527`		`- if (!try_convert_to_string(val)) {`
	`1527`	`+ zend_string *str = zval_try_get_string(val);`
	`1528`	`+ if (str == NULL) {`
`1528`	`1529`	`return NULL;`
`1529`	`1530`	`}`
`1530`		`-`
`1531`		`- return php_openssl_x509_from_str(Z_STR_P(val), arg_num, is_from_array, option_name);`
	`1531`	`+ X509 *cert = php_openssl_x509_from_str(str, arg_num, is_from_array, option_name);`
	`1532`	`+ zend_string_release(str);`
	`1533`	`+ return cert;`
`1532`	`1534`	`}`
`1533`	`1535`	`/* }}} */`
`1534`	`1536`