From 9b34b10e79cd3eed057fcdbab35cb0989656a055 Mon Sep 17 00:00:00 2001
From: icy17 <1061499390@qq.com>
Date: Fri, 29 Sep 2023 16:50:21 +0800
Subject: [PATCH 1/3] add check against NULL before calling EVP_DigestInit_ex
 to avoid NULL deref

---
 ext/openssl/openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 33f51bfa4de9..6035e78f8749 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -7342,6 +7342,12 @@ PHP_FUNCTION(openssl_digest)
 	sigbuf = zend_string_alloc(siglen, 0);
 
 	md_ctx = EVP_MD_CTX_create();
+
+	// add check against NULL
+	if(!md_ctx){
+		RETURN_FALSE;
+	}
+
 	if (EVP_DigestInit(md_ctx, mdtype) &&
 			EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) &&
 			EVP_DigestFinal (md_ctx, (unsigned char *)ZSTR_VAL(sigbuf), &siglen)) {

From 10d652e3033c98ba852c261cd5c654b290cf2fe5 Mon Sep 17 00:00:00 2001
From: George Peter Banyard <girgias@php.net>
Date: Fri, 29 Sep 2023 18:47:14 +0100
Subject: [PATCH 2/3] Formatting

Co-authored-by: Jakub Zelenka <bukka@php.net>
---
 ext/openssl/openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 6035e78f8749..d2ee66d4e1ac 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -7344,7 +7344,7 @@ PHP_FUNCTION(openssl_digest)
 	md_ctx = EVP_MD_CTX_create();
 
 	// add check against NULL
-	if(!md_ctx){
+	if (md_ctx == NULL) {
 		RETURN_FALSE;
 	}
 

From 48bf38f74977335adc22623af07b3895ce5858b5 Mon Sep 17 00:00:00 2001
From: icy17 <1061499390@qq.com>
Date: Tue, 24 Oct 2023 16:09:40 +0800
Subject: [PATCH 3/3] fix null pointer dereference

---
 ext/dom/document.c            | 3 +++
 ext/xmlreader/php_xmlreader.c | 3 +++
 ext/xmlwriter/php_xmlwriter.c | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/ext/dom/document.c b/ext/dom/document.c
index 759086569afb..31b889125269 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -1157,6 +1157,9 @@ char *_dom_get_valid_file_path(char *source, char *resolved_path, int resolved_p
 	int isFileUri = 0;
 
 	uri = xmlCreateURI();
+	if (uri == NULL) {
+		return NULL;
+	}
 	escsource = xmlURIEscapeStr((xmlChar *) source, (xmlChar *) ":");
 	xmlParseURIReference(uri, (char *) escsource);
 	xmlFree(escsource);
diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
index 137c12f7151a..4ec3cae16efb 100644
--- a/ext/xmlreader/php_xmlreader.c
+++ b/ext/xmlreader/php_xmlreader.c
@@ -212,6 +212,9 @@ char *_xmlreader_get_valid_file_path(char *source, char *resolved_path, int reso
 	int isFileUri = 0;
 
 	uri = xmlCreateURI();
+	if (uri == NULL) {
+		return NULL;
+	}
 	escsource = xmlURIEscapeStr((xmlChar *)source, (xmlChar *)":");
 	xmlParseURIReference(uri, (const char *)escsource);
 	xmlFree(escsource);
diff --git a/ext/xmlwriter/php_xmlwriter.c b/ext/xmlwriter/php_xmlwriter.c
index 8fd5f1223d43..abb135780887 100644
--- a/ext/xmlwriter/php_xmlwriter.c
+++ b/ext/xmlwriter/php_xmlwriter.c
@@ -109,6 +109,9 @@ static char *_xmlwriter_get_valid_file_path(char *source, char *resolved_path, i
 	int isFileUri = 0;
 
 	uri = xmlCreateURI();
+	if (uri == NULL) {
+		return NULL;
+	}
 	escsource = xmlURIEscapeStr((xmlChar *)source, (xmlChar *) ":");
 	xmlParseURIReference(uri, (char *)escsource);
 	xmlFree(escsource);