From e5cec86d6483c86a65d92efd189e057f22cfb881 Mon Sep 17 00:00:00 2001
From: icy17 <1061499390@qq.com>
Date: Mon, 8 Apr 2024 14:49:17 +0800
Subject: [PATCH] Fix potential NULL pointer dereference before calling EVP_SignInit
---
 ext/phar/util.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ext/phar/util.c b/ext/phar/util.c
index 70b475aa7485a..2709b936c8154 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1890,10 +1890,15 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
 }
 md_ctx = EVP_MD_CTX_create();
-
+ if (md_ctx == NULL){
+ if (error) {
+ spprintf(error, 0, "openssl signature could not be verified");
+ }
+ return FAILURE;
+ }
 siglen = EVP_PKEY_size(key);
 sigbuf = emalloc(siglen + 1);
-
+
 if (!EVP_SignInit(md_ctx, mdtype)) {
 EVP_PKEY_free(key);
 efree(sigbuf);
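Review bot: The new `md_ctx == NULL` branch returns `FAILURE` without releasing `key`, whereas the `EVP_SignInit` failure path a few lines below calls `EVP_PKEY_free(key)` before bailing out, so an allocation failure here appears to leak the private key object; add `EVP_PKEY_free(key);` before `return FAILURE;`. The message "openssl signature could not be verified" also misdescribes the failure, because this function creates a signature and the actual problem is a failed context allocation; something like `spprintf(error, 0, "unable to allocate openssl digest context");` would point whoever triages the error at the right cause. `key` is obtained above the hunk and the function continues below it, so confirm that nothing else owns or frees it on this path.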