From 7d5c9f2a34dae2c2de9ef9d302206801216e339b Mon Sep 17 00:00:00 2001
From: ndossche
Date: Tue, 5 May 2026 17:17:39 +0200
Subject: [PATCH] openssl: Use proper error propagation when X509_dup() fails in openssl_x509_read()

Otherwise x509 field is NULL and can cause a NULL deref which is UB (and causes a SEGV).
---
 ext/openssl/openssl.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 6d179cebabda..02ae5168782d 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2517,9 +2517,20 @@ PHP_FUNCTION(openssl_x509_read)
 RETURN_FALSE;
 }
+ X509 *obj_x509;
+ if (cert_obj) {
+ obj_x509 = X509_dup(cert);
+ if (!obj_x509) {
+ php_error_docref(NULL, E_WARNING, "X.509 Certificate could not be duplicated");
+ RETURN_FALSE;
+ }
+ } else {
+ obj_x509 = cert;
+ }
+
+ object_init_ex(return_value, php_openssl_certificate_ce);
 x509_cert_obj = Z_OPENSSL_CERTIFICATE_P(return_value);
- x509_cert_obj->x509 = cert_obj ? X509_dup(cert) : cert;
+ x509_cert_obj->x509 = obj_x509;
 }
 /* }}} */
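Review bot: The new `if (!obj_x509)` branch returns false without moving the OpenSSL error queue into the extension's error list, so `openssl_error_string()` would not show why `X509_dup()` failed and the entries stay queued for whatever OpenSSL call runs next. Other failure paths in ext/openssl call `php_openssl_store_errors();` before bailing out (not visible in this hunk, so worth confirming against the surrounding file); the same line would fit directly before `php_error_docref(...)` here. A short comment above the `X509_dup()` call, such as `/* cert belongs to cert_obj here, so the returned object needs its own copy */`, would also record why only that branch duplicates; that ownership reading is inferred from the old ternary. The body of `openssl_x509_read` starts outside the hunk.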