@@ -836,9 +836,9 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s
836836 }
837837
838838 for (i = 0 ; i < X509_NAME_entry_count (name ); i ++ ) {
839- unsigned char * to_add ;
839+ unsigned char * to_add = NULL ;
840840 int to_add_len = 0 ;
841-
841+ int needs_free = 0 ;
842842
843843 ne = X509_NAME_get_entry (name , i );
844844 obj = X509_NAME_ENTRY_get_object (ne );
@@ -852,8 +852,11 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s
852852
853853 str = X509_NAME_ENTRY_get_data (ne );
854854 if (ASN1_STRING_type (str ) != V_ASN1_UTF8STRING ) {
855+ /* ASN1_STRING_to_UTF8(3): The converted data is copied into a newly allocated buffer */
855856 to_add_len = ASN1_STRING_to_UTF8 (& to_add , str );
857+ needs_free = 1 ;
856858 } else {
859+ /* ASN1_STRING_data(3): Since this is an internal pointer it should not be freed or modified in any way */
857860 to_add = ASN1_STRING_data (str );
858861 to_add_len = ASN1_STRING_length (str );
859862 }
@@ -874,7 +877,13 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s
874877 } else {
875878 php_openssl_store_errors ();
876879 }
880+
881+ if (needs_free ) {
882+ /* ASN1_STRING_to_UTF8(3): The buffer out should be freed using free(3) */
883+ free (to_add );
884+ }
877885 }
886+
878887 if (key != NULL ) {
879888 zend_hash_str_update (Z_ARRVAL_P (val ), key , strlen (key ), & subitem );
880889 }
@@ -2266,7 +2275,10 @@ PHP_FUNCTION(openssl_x509_parse)
22662275 char * extname ;
22672276 BIO * bio_out ;
22682277 BUF_MEM * bio_buf ;
2269- char * hexserial ;
2278+ ASN1_INTEGER * asn1_serial ;
2279+ BIGNUM * bn_serial ;
2280+ char * str_serial ;
2281+ char * hex_serial ;
22702282 char buf [256 ];
22712283
22722284 if (zend_parse_parameters (ZEND_NUM_ARGS (), "z|b" , & zcert , & useshortnames ) == FAILURE ) {
@@ -2294,19 +2306,28 @@ PHP_FUNCTION(openssl_x509_parse)
22942306 add_assoc_name_entry (return_value , "issuer" , X509_get_issuer_name (cert ), useshortnames );
22952307 add_assoc_long (return_value , "version" , X509_get_version (cert ));
22962308
2297- add_assoc_string ( return_value , "serialNumber" , i2s_ASN1_INTEGER ( NULL , X509_get_serialNumber (cert )) );
2309+ asn1_serial = X509_get_serialNumber (cert );
22982310
2299- /* Return the hex representation of the serial number, as defined by OpenSSL */
2300- hexserial = BN_bn2hex (ASN1_INTEGER_to_BN (X509_get_serialNumber (cert ), NULL ));
2311+ bn_serial = ASN1_INTEGER_to_BN (asn1_serial , NULL );
2312+ /* Can return NULL on error or memory allocation failure */
2313+ if (!bn_serial ) {
2314+ RETURN_FALSE ;
2315+ }
23012316
2302- /* If we received null back from BN_bn2hex, there was a critical error in openssl,
2303- * and we should not continue.
2304- */
2305- if (!hexserial ) {
2317+ hex_serial = BN_bn2hex ( bn_serial );
2318+ BN_free ( bn_serial );
2319+ /* Can return NULL on error or memory allocation failure */
2320+ if (!hex_serial ) {
23062321 RETURN_FALSE ;
23072322 }
2308- add_assoc_string (return_value , "serialNumberHex" , hexserial );
2309- OPENSSL_free (hexserial );
2323+
2324+ str_serial = i2s_ASN1_INTEGER (NULL , asn1_serial );
2325+ add_assoc_string (return_value , "serialNumber" , str_serial );
2326+ OPENSSL_free (str_serial );
2327+
2328+ /* Return the hex representation of the serial number, as defined by OpenSSL */
2329+ add_assoc_string (return_value , "serialNumberHex" , hex_serial );
2330+ OPENSSL_free (hex_serial );
23102331
23112332 add_assoc_asn1_string (return_value , "validFrom" , X509_get_notBefore (cert ));
23122333 add_assoc_asn1_string (return_value , "validTo" , X509_get_notAfter (cert ));
0 commit comments