openssl: fix memory leaks when session callback returns wrong type

ndossche · ndossche · commit c1c09bb3d52a · 2026-05-06T18:05:31.000+02:00
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
@@ -1634,13 +1634,12 @@ static SSL_SESSION *php_openssl_session_get_cb(SSL *ssl, const unsigned char *se
 				SSL_SESSION_up_ref(obj->session);
 				session = obj->session;
 			}
-			zval_ptr_dtor(&retval);
 		} else if (Z_TYPE(retval) != IS_NULL) {
 			zend_type_error("session_get_cb return type must be null or OpenSSLSession");
-			return NULL;
 		}
 	}
 
+	zval_ptr_dtor(&retval);
 	zval_ptr_dtor(&args[1]);
 
 	*copy = 0;

Original file line number	Diff line number	Diff line change
`@@ -1634,13 +1634,12 @@ static SSL_SESSION php_openssl_session_get_cb(SSL ssl, const unsigned char *se`
`1634`	`1634`	`SSL_SESSION_up_ref(obj->session);`
`1635`	`1635`	`session = obj->session;`
`1636`	`1636`	`}`
`1637`		`- zval_ptr_dtor(&retval);`
`1638`	`1637`	`} else if (Z_TYPE(retval) != IS_NULL) {`
`1639`	`1638`	`zend_type_error("session_get_cb return type must be null or OpenSSLSession");`
`1640`		`- return NULL;`
`1641`	`1639`	`}`
`1642`	`1640`	`}`
`1643`	`1641`
	`1642`	`+ zval_ptr_dtor(&retval);`
`1644`	`1643`	`zval_ptr_dtor(&args[1]);`
`1645`	`1644`
`1646`	`1645`	`*copy = 0;`