Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
  Add missing error check on PEM_write_bio_PKCS7()
  Add missing error check on PEM_write_bio_CMS()
  Add missing error check on i2d_PKCS12_bio()
  Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit()

Author: nielsdos

NEWS

@@ -12,9 +12,14 @@ PHP                                                                        NEWS
 - Opcache:
   . Fixed build for macOS to cater with pkg-config settings. (David Carlier)
 
+- OpenSSL:
+  . Add missing error checks on file writing functions. (nielsdos)
+
 - Phar:
   . Fixed bug GH-10766 (PharData archive created with Phar::Zip format does
     not keep files metadata (datetime)). (nielsdos)
+  . Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().
+    (nielsdos)
 
 16 Mar 2023, PHP 8.2.4
 

ext/openssl/openssl.c

@@ -2600,11 +2600,13 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
 	if (p12 != NULL) {
 		bio_out = BIO_new_file(file_path, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 		if (bio_out != NULL) {
-
-			i2d_PKCS12_bio(bio_out, p12);
+			if (i2d_PKCS12_bio(bio_out, p12) == 0) {
+				php_openssl_store_errors();
+				php_error_docref(NULL, E_WARNING, "Error writing to file %s", file_path);
+			} else {
+				RETVAL_TRUE;
+			}
 			BIO_free(bio_out);
-
-			RETVAL_TRUE;
 		} else {
 			php_openssl_store_errors();
 			php_error_docref(NULL, E_WARNING, "Error opening file %s", file_path);
@@ -5288,7 +5290,11 @@ PHP_FUNCTION(openssl_pkcs7_verify)
 			}
 
 			if (p7bout) {
-				PEM_write_bio_PKCS7(p7bout, p7);
+				if (PEM_write_bio_PKCS7(p7bout, p7) == 0) {
+					php_error_docref(NULL, E_WARNING, "Failed to write PKCS7 to file");
+					php_openssl_store_errors();
+					RETVAL_FALSE;
+				}
 			}
 		}
 	} else {
@@ -5873,7 +5879,11 @@ PHP_FUNCTION(openssl_cms_verify)
 			}
 
 			if (p7bout) {
-				PEM_write_bio_CMS(p7bout, cms);
+				if (PEM_write_bio_CMS(p7bout, cms) == 0) {
+					php_error_docref(NULL, E_WARNING, "Failed to write CMS to file");
+					php_openssl_store_errors();
+					RETVAL_FALSE;
+				}
 			}
 		}
 	} else {

ext/phar/util.c

@@ -1579,7 +1579,15 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
 			}
 
 			md_ctx = EVP_MD_CTX_create();
-			EVP_VerifyInit(md_ctx, mdtype);
+			if (!md_ctx || !EVP_VerifyInit(md_ctx, mdtype)) {
+				if (md_ctx) {
+					EVP_MD_CTX_destroy(md_ctx);
+				}
+				if (error) {
+					spprintf(error, 0, "openssl signature could not be verified");
+				}
+				return FAILURE;
+			}
 			read_len = end_of_phar;
 
 			if ((size_t)read_len > sizeof(buf)) {