Subject: fix bug #54060, memory leak in openssl_encrypt
Origin: http://svn.php.net/viewvc?view=revision&revision=308531

Also includes http://svn.php.net/viewvc?view=revision&revision=308532

  - fix test 025

http://svn.php.net/viewvc?view=revision&revision=308534

  - fix bug #54061, memory leak in openssl_decrypt

and http://svn.php.net/viewvc?view=revision&revision=308535 which adds a
testcase for #54061

CVE-2011-1468

Patch differs from upstream commits in that the addition to the NEWS
file was dropped to reduce patch conflicts.

--- /dev/null
+++ b/ext/openssl/tests/bug54061.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #54061 (Memory leak in openssl_decrypt)
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) die("skip"); ?>
+--FILE--
+<?php
+$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
+r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy ruy
+972439 8478942 yrhfjkdhls";
+$pass = "r23498rui324hjbnkj";
+
+$cr = openssl_encrypt($data, 'des3', $pass, false, '1qazxsw2');
+$dcr = openssl_decrypt($cr, 'des3', $pass, false, '1qazxsw2');
+echo "Done";
+?>
+--EXPECT--
+Done
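Review bot: The test never inspects `$dcr`, so it still prints "Done" if openssl_decrypt() returns false. Adding `var_dump($dcr === $data);` before `echo "Done";`, with a matching `bool(true)` line under --EXPECT--, would pin the round trip. Neither this file nor bug54060.phpt can observe the leak from PHP code. Detection presumably depends on running the suite under a memory checker, and a one-line comment in the --FILE-- section saying so would tell maintainers what a pass actually proves.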
--- /dev/null
+++ b/ext/openssl/tests/bug54060.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #54060 (Memory leak in openssl_encrypt)
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) die("skip"); ?>
+--FILE--
+<?php
+
+$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
+r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy ruy
+972439 8478942 yrhfjkdhls";
+$pass = "r23498rui324hjbnkj";
+
+openssl_encrypt($data, 'des3', $pass, false, '1qazxsw2');
+echo "Done";
+?>
+--EXPECT--
+Done
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3545,14 +3545,13 @@ PHP_FUNCTION(openssl_pkcs7_sign)
 	char * outfilename;	int outfilename_len;
 	char * extracertsfilename = NULL; int extracertsfilename_len;
 
-	RETVAL_FALSE;
-
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls",
 				&infilename, &infilename_len, &outfilename, &outfilename_len,
 				&zcert, &zprivkey, &zheaders, &flags, &extracertsfilename,
 				&extracertsfilename_len) == FAILURE) {
 		return;
 	}
+	RETVAL_FALSE;
 
 	if (strlen(infilename) != infilename_len) {
 		return;
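Review bot: Moving `RETVAL_FALSE;` below the zend_parse_parameters() call changes what the early `return;` yields on an argument error, and nothing in the code records why. This presumably leaves the return value at its default instead of FALSE, matching the "fix test 025" item in the description. A short comment on the moved line, for example `/* set only after parsing so argument errors keep the default return value */`, would stop a later cleanup from moving it back. The body of openssl_pkcs7_sign continues outside the hunk.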
@@ -4732,6 +4731,7 @@ PHP_FUNCTION(openssl_encrypt)
 	if (free_iv) {
 		efree(iv);
 	}
+	EVP_CIPHER_CTX_cleanup(&cipher_ctx);
 }
 /* }}} */
 
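Review bot: `EVP_CIPHER_CTX_cleanup(&cipher_ctx);` is reached only by falling through to the closing brace, so any `return` between the context's initialisation and this line would still leak the context. The function body begins outside the hunk, so this cannot be confirmed from here and is worth checking. The same applies to the matching line added to openssl_decrypt. A comment on the call, such as `/* releases state allocated by the EVP init call; must run on every exit path */`, would make the requirement visible to anyone adding an early return later.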
@@ -4805,6 +4805,7 @@ PHP_FUNCTION(openssl_decrypt)
 	if (base64_str) {
 		efree(base64_str);
 	}
+ 	EVP_CIPHER_CTX_cleanup(&cipher_ctx);
 }
 /* }}} */
 
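Review bot: The added `EVP_CIPHER_CTX_cleanup(&cipher_ctx);` line is indented with a space followed by a tab. The surrounding lines and the identical line added to openssl_encrypt use a tab only. It should be a single tab, so the file's indentation stays consistent and whitespace checks do not flag it.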
