From b820374b2911e5a7b5f223c4932fe516614496f8 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat, 29 Mar 2025 23:36:57 +0100
Subject: [PATCH] Fix memory leak in openssl_sign() when passing invalid
 algorithm

---
 ext/openssl/openssl.c                          |  1 +
 .../tests/openssl_sign_invalid_algorithm.phpt  | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 ext/openssl/tests/openssl_sign_invalid_algorithm.phpt

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index c5720ee97e38c..bd386dbe8ae7a 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -6959,6 +6959,7 @@ PHP_FUNCTION(openssl_sign)
 		mdtype = php_openssl_get_evp_md_from_algo(method_long);
 	}
 	if (!mdtype) {
+		EVP_PKEY_free(pkey);
 		php_error_docref(NULL, E_WARNING, "Unknown digest algorithm");
 		RETURN_FALSE;
 	}
diff --git a/ext/openssl/tests/openssl_sign_invalid_algorithm.phpt b/ext/openssl/tests/openssl_sign_invalid_algorithm.phpt
new file mode 100644
index 0000000000000..c669a373a1079
--- /dev/null
+++ b/ext/openssl/tests/openssl_sign_invalid_algorithm.phpt
@@ -0,0 +1,18 @@
+--TEST--
+openssl_sign: invalid algorithm
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+$dir = __DIR__;
+$file_pub = $dir . '/bug37820cert.pem';
+$file_key = $dir . '/bug37820key.pem';
+
+$priv_key = file_get_contents($file_key);
+$priv_key_id = openssl_get_privatekey($priv_key);
+
+$data = "some custom data";
+openssl_sign($data, $signature, $priv_key_id, "invalid algo");
+?>
+--EXPECTF--
+Warning: openssl_sign(): Unknown digest algorithm in %s on line %d