[pull] master from php:master

Zend/zend_API.h

@@ -1055,7 +1055,13 @@ static zend_always_inline bool zend_char_has_nul_byte(const char *s, size_t know
 #define RETURN_ZVAL(zv, copy, dtor)		do { RETVAL_ZVAL(zv, copy, dtor); return; } while (0)
 #define RETURN_FALSE					do { RETVAL_FALSE; return; } while (0)
 #define RETURN_TRUE						do { RETVAL_TRUE; return; } while (0)
-#define RETURN_THROWS()					do { ZEND_ASSERT(EG(exception)); (void) return_value; return; } while (0)
+
+#ifndef HAVE_GCOV
+# define RETURN_THROWS()				do { ZEND_ASSERT(EG(exception)); (void) return_value; return; } while (0)
+#else
+/* Drop ZEND_ASSERT() to avoid untested branch warning in gcov. */
+# define RETURN_THROWS()				do { (void) return_value; return; } while (0)
+#endif
 
 #define HASH_OF(p) (Z_TYPE_P(p)==IS_ARRAY ? Z_ARRVAL_P(p) : ((Z_TYPE_P(p)==IS_OBJECT ? Z_OBJ_HT_P(p)->get_properties(Z_OBJ_P(p)) : NULL)))
 

build/Makefile.gcov

@@ -24,10 +24,15 @@ GCOVR_EXCLUDES = \
 	'ext/hash/sha3/.*' \
 	'ext/lexbor/lexbor/.*' \
 	'ext/mbstring/libmbfl/.*' \
+	'ext/opcache/jit/ir/.*' \
 	'ext/pcre/pcre2lib/.*' \
 	'ext/uri/uriparser/.*'
 
-GCOVR_EXCLUDE_LINES_BY_PATTERN = '.*\b(ZEND_PARSE_PARAMETERS_(START|END|NONE)|Z_PARAM_).*'
+GCOVR_EXCLUDE_LINES_BY_PATTERNS = \
+	'.*\b(ZEND_PARSE_PARAMETERS_(START|END|NONE)|Z_PARAM_).*' \
+	'\s*EMPTY_SWITCH_DEFAULT_CASE\(\)(;)?\s*' \
+	'\s*ZEND_ASSERT\(.*\);\s*' \
+	'\s*ZEND_UNREACHABLE\(\);\s*'
 
 lcov: lcov-html
 
@@ -53,14 +58,14 @@ gcovr-html:
 	@rm -rf gcovr_html/
 	@mkdir gcovr_html
 	gcovr -sr . -o gcovr_html/index.html --html --html-details \
-		--exclude-lines-by-pattern $(GCOVR_EXCLUDE_LINES_BY_PATTERN) \
+		$(foreach pattern, $(GCOVR_EXCLUDE_LINES_BY_PATTERNS), --exclude-lines-by-pattern $(pattern)) \
 		$(foreach lib, $(GCOVR_EXCLUDES), -e $(lib))
 
 gcovr-xml:
 	@echo "Generating gcovr XML"
 	@rm -f gcovr.xml
 	gcovr -sr . -o gcovr.xml --xml \
-		--exclude-lines-by-pattern $(GCOVR_EXCLUDE_LINES_BY_PATTERN) \
+		$(foreach pattern, $(GCOVR_EXCLUDE_LINES_BY_PATTERNS), --exclude-lines-by-pattern $(pattern)) \
 		$(foreach lib, $(GCOVR_EXCLUDES), -e $(lib))
 
 .PHONY: gcovr-html lcov-html php_lcov.info

ext/intl/config.w32

@@ -92,13 +92,11 @@ if (PHP_INTL != "no") {
 				resourcebundle_iterator.cpp",
 				"intl");
 
-		if (CHECK_HEADER("unicode/uspoof.h", "CFLAGS_INTL")) {
-			ADD_SOURCES(configure_module_dirname + "/spoofchecker", "\
-					spoofchecker_class.cpp \
-					spoofchecker_create.cpp \
-					spoofchecker_main.cpp",
-					"intl");
-		}
+		ADD_SOURCES(configure_module_dirname + "/spoofchecker", "\
+				spoofchecker_class.cpp \
+				spoofchecker_create.cpp \
+				spoofchecker_main.cpp",
+				"intl");
 
 		ADD_SOURCES(configure_module_dirname + "/transliterator", "\
 				transliterator_class.cpp \

ext/openssl/config.w32

@@ -16,9 +16,7 @@ if (PHP_OPENSSL != "no") {
 			AC_DEFINE("LOAD_OPENSSL_LEGACY_PROVIDER", 1, "Define to 1 to load the OpenSSL legacy algorithm provider in addition to the default provider.");
 		}
 		if (PHP_OPENSSL_ARGON2 != "no") {
-			if (PHP_ZTS != "no") {
-				WARNING("OpenSSL argon2 hashing not supported in ZTS mode for now");
-			} else if (!GREP_HEADER("openssl/thread.h", "OSSL_set_max_threads", PHP_PHP_BUILD + "\\include")) {
+			if (!GREP_HEADER("openssl/thread.h", "OSSL_set_max_threads", PHP_PHP_BUILD + "\\include")) {
 				WARNING("OpenSSL argon2 hashing requires OpenSSL >= 3.2");
 			} else {
 				AC_DEFINE("HAVE_OPENSSL_ARGON2", 1, "Define to 1 to enable OpenSSL argon2 password hashing.");

ext/openssl/openssl.c

@@ -1562,7 +1562,7 @@ PHP_FUNCTION(openssl_pkcs12_read)
 					add_index_zval(&zextracerts, i, &zextracert);
 				}
 
-				BIO_reset(bio_out);
+				(void)BIO_reset(bio_out);
 				X509_free(aCA);
 			}
 			BIO_free(bio_out);
@@ -1815,7 +1815,11 @@ PHP_FUNCTION(openssl_csr_sign)
 			goto cleanup;
 		}
 	} else {
-		PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial);
+		if (!PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial)) {
+			php_openssl_store_errors();
+			php_error_docref(NULL, E_WARNING, "Error setting serial number");
+			goto cleanup;
+		}
 	}
 
 	if (!X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr))) {
@@ -1830,8 +1834,11 @@ PHP_FUNCTION(openssl_csr_sign)
 		php_openssl_store_errors();
 		goto cleanup;
 	}
-	X509_gmtime_adj(X509_getm_notBefore(new_cert), 0);
-	X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*num_days);
+	if (!X509_gmtime_adj(X509_getm_notBefore(new_cert), 0)
+		|| !X509_gmtime_adj(X509_getm_notAfter(new_cert), 60*60*24*num_days)) {
+		php_openssl_store_errors();
+		goto cleanup;
+	}
 	i = X509_set_pubkey(new_cert, key);
 	if (!i) {
 		php_openssl_store_errors();
@@ -2837,7 +2844,7 @@ PHP_FUNCTION(openssl_pkcs7_read)
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
 			}
-			BIO_reset(bio_out);
+			(void)BIO_reset(bio_out);
 		}
 		BIO_free(bio_out);
 	}
@@ -2856,7 +2863,7 @@ PHP_FUNCTION(openssl_pkcs7_read)
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
 			}
-			BIO_reset(bio_out);
+			(void)BIO_reset(bio_out);
 		}
 		BIO_free(bio_out);
 	}
@@ -3513,7 +3520,7 @@ PHP_FUNCTION(openssl_cms_read)
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
 			}
-			BIO_reset(bio_out);
+			(void)BIO_reset(bio_out);
 		}
 		BIO_free(bio_out);
 	}
@@ -3533,7 +3540,7 @@ PHP_FUNCTION(openssl_cms_read)
 				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 				add_index_zval(zout, i, &zcert);
 			}
-			BIO_reset(bio_out);
+			(void)BIO_reset(bio_out);
 		}
 		BIO_free(bio_out);
 	}

ext/openssl/openssl_backend_common.c

@@ -1088,13 +1088,15 @@ zend_result php_openssl_csr_make(struct php_x509_request * req, X509_REQ * csr,
 				}
 			}
 		}
+
+		if (!X509_REQ_set_pubkey(csr, req->priv_key)) {
+			php_openssl_store_errors();
+		}
 	} else {
 		php_openssl_store_errors();
+		return FAILURE;
 	}
 
-	if (!X509_REQ_set_pubkey(csr, req->priv_key)) {
-		php_openssl_store_errors();
-	}
 	return SUCCESS;
 }
 

ext/openssl/openssl_backend_v1.c

@@ -140,7 +140,14 @@ static bool php_openssl_pkey_init_dsa_data(DSA *dsa, zval *data, bool *is_privat
 	OPENSSL_PKEY_SET_BN(data, p);
 	OPENSSL_PKEY_SET_BN(data, q);
 	OPENSSL_PKEY_SET_BN(data, g);
-	if (!p || !q || !g || !DSA_set0_pqg(dsa, p, q, g)) {
+	if (!p || !q || !g) {
+		BN_free(p);
+		BN_free(q);
+		BN_free(g);
+		return false;
+	}
+
+	if (!DSA_set0_pqg(dsa, p, q, g)) {
 		return false;
 	}
 
@@ -201,7 +208,12 @@ static bool php_openssl_pkey_init_dh_data(DH *dh, zval *data, bool *is_private)
 	OPENSSL_PKEY_SET_BN(data, p);
 	OPENSSL_PKEY_SET_BN(data, q);
 	OPENSSL_PKEY_SET_BN(data, g);
-	if (!p || !g || !DH_set0_pqg(dh, p, q, g)) {
+	if (!p || !q) {
+		BN_free(p);
+		return false;
+	}
+
+	if (!DH_set0_pqg(dh, p, q, g)) {
 		return false;
 	}
 
@@ -214,6 +226,10 @@ static bool php_openssl_pkey_init_dh_data(DH *dh, zval *data, bool *is_private)
 	if (priv_key) {
 		pub_key = php_openssl_dh_pub_from_priv(priv_key, g, p);
 		if (pub_key == NULL) {
+			BN_free(p);
+			BN_free(q);
+			BN_free(g);
+			BN_free(priv_key);
 			return false;
 		}
 		return DH_set0_key(dh, pub_key, priv_key);
@@ -261,6 +277,9 @@ static bool php_openssl_pkey_init_ec_data(EC_KEY *eckey, zval *data, bool *is_pr
 	EC_POINT *point_q = NULL;
 	EC_GROUP *group = NULL;
 	BN_CTX *bctx = BN_CTX_new();
+	if (!bctx) {
+		goto clean_exit;
+	}
 
 	*is_private = false;
 

ext/openssl/tests/gh21031.phpt

@@ -65,7 +65,7 @@ $clientCode = <<<'CODE'
         ],
     ]);
 
-    var_dump(file_get_contents("https://cs.php.net/", false, $clientCtx));
+    var_dump(@file_get_contents("https://cs.php.net/", false, $clientCtx));
 
     phpt_notify('proxy');
     phpt_notify('server');
@@ -77,6 +77,5 @@ ServerClientTestCase::getInstance()->run($clientCode, [
     'proxy' => $proxyCode,
 ]);
 ?>
---EXPECTF--
-Warning: file_get_contents(https://cs.php.net/): Failed to open stream: Cannot connect to HTTPS server through proxy in %s
+--EXPECT--
 bool(false)

ext/openssl/xp_ssl.c

@@ -411,7 +411,7 @@ static bool php_openssl_x509_fingerprint_match(X509 *peer, zval *val)
 
 static bool php_openssl_matches_wildcard_name(const char *subjectname, const char *certname) /* {{{ */
 {
-	char *wildcard = NULL;
+	const char *wildcard = NULL;
 	ptrdiff_t prefix_len;
 	size_t suffix_len, subject_len;
 
@@ -1691,7 +1691,8 @@ static zend_result php_openssl_setup_crypto(php_stream *stream,
 
 	sslsock->ssl_handle = SSL_new(sslsock->ctx);
 
-	if (sslsock->ssl_handle == NULL) {
+	if (sslsock->ssl_handle == NULL
+		|| !SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream)) {
 		php_error_docref(NULL, E_WARNING, "SSL handle creation failure");
 		SSL_CTX_free(sslsock->ctx);
 		sslsock->ctx = NULL;
@@ -1702,8 +1703,6 @@ static zend_result php_openssl_setup_crypto(php_stream *stream,
 		}
 #endif
 		return FAILURE;
-	} else {
-		SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream);
 	}
 
 	if (!SSL_set_fd(sslsock->ssl_handle, sslsock->s.socket)) {