diff --git a/Zend/zend_API.h b/Zend/zend_API.h index e56ded4e8f1b5..1ec5813678a45 100644 --- a/Zend/zend_API.h +++ b/Zend/zend_API.h @@ -1055,7 +1055,13 @@ static zend_always_inline bool zend_char_has_nul_byte(const char *s, size_t know #define RETURN_ZVAL(zv, copy, dtor) do { RETVAL_ZVAL(zv, copy, dtor); return; } while (0) #define RETURN_FALSE do { RETVAL_FALSE; return; } while (0) #define RETURN_TRUE do { RETVAL_TRUE; return; } while (0) -#define RETURN_THROWS() do { ZEND_ASSERT(EG(exception)); (void) return_value; return; } while (0) + +#ifndef HAVE_GCOV +# define RETURN_THROWS() do { ZEND_ASSERT(EG(exception)); (void) return_value; return; } while (0) +#else +/* Drop ZEND_ASSERT() to avoid untested branch warning in gcov. */ +# define RETURN_THROWS() do { (void) return_value; return; } while (0) +#endif #define HASH_OF(p) (Z_TYPE_P(p)==IS_ARRAY ? Z_ARRVAL_P(p) : ((Z_TYPE_P(p)==IS_OBJECT ? Z_OBJ_HT_P(p)->get_properties(Z_OBJ_P(p)) : NULL))) diff --git a/build/Makefile.gcov b/build/Makefile.gcov index d389cecdd1926..d0dde7c120c8c 100644 --- a/build/Makefile.gcov +++ b/build/Makefile.gcov @@ -24,10 +24,15 @@ GCOVR_EXCLUDES = \ 'ext/hash/sha3/.*' \ 'ext/lexbor/lexbor/.*' \ 'ext/mbstring/libmbfl/.*' \ + 'ext/opcache/jit/ir/.*' \ 'ext/pcre/pcre2lib/.*' \ 'ext/uri/uriparser/.*' -GCOVR_EXCLUDE_LINES_BY_PATTERN = '.*\b(ZEND_PARSE_PARAMETERS_(START|END|NONE)|Z_PARAM_).*' +GCOVR_EXCLUDE_LINES_BY_PATTERNS = \ + '.*\b(ZEND_PARSE_PARAMETERS_(START|END|NONE)|Z_PARAM_).*' \ + '\s*EMPTY_SWITCH_DEFAULT_CASE\(\)(;)?\s*' \ + '\s*ZEND_ASSERT\(.*\);\s*' \ + '\s*ZEND_UNREACHABLE\(\);\s*' lcov: lcov-html @@ -53,14 +58,14 @@ gcovr-html: @rm -rf gcovr_html/ @mkdir gcovr_html gcovr -sr . -o gcovr_html/index.html --html --html-details \ - --exclude-lines-by-pattern $(GCOVR_EXCLUDE_LINES_BY_PATTERN) \ + $(foreach pattern, $(GCOVR_EXCLUDE_LINES_BY_PATTERNS), --exclude-lines-by-pattern $(pattern)) \ $(foreach lib, $(GCOVR_EXCLUDES), -e $(lib)) gcovr-xml: @echo "Generating gcovr XML" @rm -f gcovr.xml gcovr -sr . -o gcovr.xml --xml \ - --exclude-lines-by-pattern $(GCOVR_EXCLUDE_LINES_BY_PATTERN) \ + $(foreach pattern, $(GCOVR_EXCLUDE_LINES_BY_PATTERNS), --exclude-lines-by-pattern $(pattern)) \ $(foreach lib, $(GCOVR_EXCLUDES), -e $(lib)) .PHONY: gcovr-html lcov-html php_lcov.info diff --git a/ext/intl/config.w32 b/ext/intl/config.w32 index da8285b50d0c7..9e2f695532d3e 100644 --- a/ext/intl/config.w32 +++ b/ext/intl/config.w32 @@ -92,13 +92,11 @@ if (PHP_INTL != "no") { resourcebundle_iterator.cpp", "intl"); - if (CHECK_HEADER("unicode/uspoof.h", "CFLAGS_INTL")) { - ADD_SOURCES(configure_module_dirname + "/spoofchecker", "\ - spoofchecker_class.cpp \ - spoofchecker_create.cpp \ - spoofchecker_main.cpp", - "intl"); - } + ADD_SOURCES(configure_module_dirname + "/spoofchecker", "\ + spoofchecker_class.cpp \ + spoofchecker_create.cpp \ + spoofchecker_main.cpp", + "intl"); ADD_SOURCES(configure_module_dirname + "/transliterator", "\ transliterator_class.cpp \ diff --git a/ext/openssl/config.w32 b/ext/openssl/config.w32 index 6fd0e928422c7..4b7f4b8b85655 100644 --- a/ext/openssl/config.w32 +++ b/ext/openssl/config.w32 @@ -16,9 +16,7 @@ if (PHP_OPENSSL != "no") { AC_DEFINE("LOAD_OPENSSL_LEGACY_PROVIDER", 1, "Define to 1 to load the OpenSSL legacy algorithm provider in addition to the default provider."); } if (PHP_OPENSSL_ARGON2 != "no") { - if (PHP_ZTS != "no") { - WARNING("OpenSSL argon2 hashing not supported in ZTS mode for now"); - } else if (!GREP_HEADER("openssl/thread.h", "OSSL_set_max_threads", PHP_PHP_BUILD + "\\include")) { + if (!GREP_HEADER("openssl/thread.h", "OSSL_set_max_threads", PHP_PHP_BUILD + "\\include")) { WARNING("OpenSSL argon2 hashing requires OpenSSL >= 3.2"); } else { AC_DEFINE("HAVE_OPENSSL_ARGON2", 1, "Define to 1 to enable OpenSSL argon2 password hashing."); diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 9630ec6170c73..65da0752b557f 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1562,7 +1562,7 @@ PHP_FUNCTION(openssl_pkcs12_read) add_index_zval(&zextracerts, i, &zextracert); } - BIO_reset(bio_out); + (void)BIO_reset(bio_out); X509_free(aCA); } BIO_free(bio_out); @@ -1815,7 +1815,11 @@ PHP_FUNCTION(openssl_csr_sign) goto cleanup; } } else { - PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial); + if (!PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial)) { + php_openssl_store_errors(); + php_error_docref(NULL, E_WARNING, "Error setting serial number"); + goto cleanup; + } } if (!X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr))) { @@ -1830,8 +1834,11 @@ PHP_FUNCTION(openssl_csr_sign) php_openssl_store_errors(); goto cleanup; } - X509_gmtime_adj(X509_getm_notBefore(new_cert), 0); - X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*num_days); + if (!X509_gmtime_adj(X509_getm_notBefore(new_cert), 0) + || !X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*num_days)) { + php_openssl_store_errors(); + goto cleanup; + } i = X509_set_pubkey(new_cert, key); if (!i) { php_openssl_store_errors(); @@ -2837,7 +2844,7 @@ PHP_FUNCTION(openssl_pkcs7_read) ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); add_index_zval(zout, i, &zcert); } - BIO_reset(bio_out); + (void)BIO_reset(bio_out); } BIO_free(bio_out); } @@ -2856,7 +2863,7 @@ PHP_FUNCTION(openssl_pkcs7_read) ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); add_index_zval(zout, i, &zcert); } - BIO_reset(bio_out); + (void)BIO_reset(bio_out); } BIO_free(bio_out); } @@ -3513,7 +3520,7 @@ PHP_FUNCTION(openssl_cms_read) ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); add_index_zval(zout, i, &zcert); } - BIO_reset(bio_out); + (void)BIO_reset(bio_out); } BIO_free(bio_out); } @@ -3533,7 +3540,7 @@ PHP_FUNCTION(openssl_cms_read) ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); add_index_zval(zout, i, &zcert); } - BIO_reset(bio_out); + (void)BIO_reset(bio_out); } BIO_free(bio_out); } diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c index ed57d6e81715e..5762d0613777a 100644 --- a/ext/openssl/openssl_backend_common.c +++ b/ext/openssl/openssl_backend_common.c @@ -1088,13 +1088,15 @@ zend_result php_openssl_csr_make(struct php_x509_request * req, X509_REQ * csr, } } } + + if (!X509_REQ_set_pubkey(csr, req->priv_key)) { + php_openssl_store_errors(); + } } else { php_openssl_store_errors(); + return FAILURE; } - if (!X509_REQ_set_pubkey(csr, req->priv_key)) { - php_openssl_store_errors(); - } return SUCCESS; } diff --git a/ext/openssl/openssl_backend_v1.c b/ext/openssl/openssl_backend_v1.c index 0f254fb58575f..b1f95cdb48b39 100644 --- a/ext/openssl/openssl_backend_v1.c +++ b/ext/openssl/openssl_backend_v1.c @@ -140,7 +140,14 @@ static bool php_openssl_pkey_init_dsa_data(DSA *dsa, zval *data, bool *is_privat OPENSSL_PKEY_SET_BN(data, p); OPENSSL_PKEY_SET_BN(data, q); OPENSSL_PKEY_SET_BN(data, g); - if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) { + if (!p || !q || !g) { + BN_free(p); + BN_free(q); + BN_free(g); + return false; + } + + if (!DSA_set0_pqg(dsa, p, q, g)) { return false; } @@ -201,7 +208,12 @@ static bool php_openssl_pkey_init_dh_data(DH *dh, zval *data, bool *is_private) OPENSSL_PKEY_SET_BN(data, p); OPENSSL_PKEY_SET_BN(data, q); OPENSSL_PKEY_SET_BN(data, g); - if (!p || !g || !DH_set0_pqg(dh, p, q, g)) { + if (!p || !q) { + BN_free(p); + return false; + } + + if (!DH_set0_pqg(dh, p, q, g)) { return false; } @@ -214,6 +226,10 @@ static bool php_openssl_pkey_init_dh_data(DH *dh, zval *data, bool *is_private) if (priv_key) { pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p); if (pub_key == NULL) { + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(priv_key); return false; } return DH_set0_key(dh, pub_key, priv_key); @@ -261,6 +277,9 @@ static bool php_openssl_pkey_init_ec_data(EC_KEY *eckey, zval *data, bool *is_pr EC_POINT *point_q = NULL; EC_GROUP *group = NULL; BN_CTX *bctx = BN_CTX_new(); + if (!bctx) { + goto clean_exit; + } *is_private = false; diff --git a/ext/openssl/tests/gh21031.phpt b/ext/openssl/tests/gh21031.phpt index a35fab9272700..55694bf7676e8 100644 --- a/ext/openssl/tests/gh21031.phpt +++ b/ext/openssl/tests/gh21031.phpt @@ -65,7 +65,7 @@ $clientCode = <<<'CODE' ], ]); - var_dump(file_get_contents("https://cs.php.net/", false, $clientCtx)); + var_dump(@file_get_contents("https://cs.php.net/", false, $clientCtx)); phpt_notify('proxy'); phpt_notify('server'); @@ -77,6 +77,5 @@ ServerClientTestCase::getInstance()->run($clientCode, [ 'proxy' => $proxyCode, ]); ?> ---EXPECTF-- -Warning: file_get_contents(https://cs.php.net/): Failed to open stream: Cannot connect to HTTPS server through proxy in %s +--EXPECT-- bool(false) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 4273bb99957b7..52a479d1612cd 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -411,7 +411,7 @@ static bool php_openssl_x509_fingerprint_match(X509 *peer, zval *val) static bool php_openssl_matches_wildcard_name(const char *subjectname, const char *certname) /* {{{ */ { - char *wildcard = NULL; + const char *wildcard = NULL; ptrdiff_t prefix_len; size_t suffix_len, subject_len; @@ -1691,7 +1691,8 @@ static zend_result php_openssl_setup_crypto(php_stream *stream, sslsock->ssl_handle = SSL_new(sslsock->ctx); - if (sslsock->ssl_handle == NULL) { + if (sslsock->ssl_handle == NULL + || !SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream)) { php_error_docref(NULL, E_WARNING, "SSL handle creation failure"); SSL_CTX_free(sslsock->ctx); sslsock->ctx = NULL; @@ -1702,8 +1703,6 @@ static zend_result php_openssl_setup_crypto(php_stream *stream, } #endif return FAILURE; - } else { - SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream); } if (!SSL_set_fd(sslsock->ssl_handle, sslsock->s.socket)) {