Fixed GH-18247: dba_popen() memory leak on invalid path.

and a handful more error code paths.

close GH-18250

Author: devnexen

NEWS

@@ -8,6 +8,9 @@ PHP                                                                        NEWS
   . Fixed bug GH-18038 (Lazy proxy calls magic methods twice). (Arnaud)
   . Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS). (ilutov)
 
+- DBA:
+  . FIxed bug GH-18247 dba_popen() memory leak on invalid path. (David Carlier)
+
 - GD:
   . Fixed imagecrop() overflow with rect argument with x/width y/heigh usage
     in gdImageCrop(). (David Carlier)

ext/dba/dba.c

@@ -864,9 +864,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, bool persistent)
 		}
 		if (!connection->info->lock.fp) {
 			/* stream operation already wrote an error message */
-			efree(resource_key);
-			zval_ptr_dtor(return_value);
-			RETURN_FALSE;
+			goto fail;
 		}
 		if (!error && !php_stream_supports_lock(connection->info->lock.fp)) {
 			error = "Stream does not support locking";
@@ -885,19 +883,15 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, bool persistent)
 		}
 		if (!connection->info->fp) {
 			/* stream operation already wrote an error message */
-			efree(resource_key);
-			zval_ptr_dtor(return_value);
-			RETURN_FALSE;
+			goto fail;
 		}
 		if (hptr->flags & (DBA_NO_APPEND|DBA_CAST_AS_FD)) {
 			/* Needed because some systems do not allow to write to the original
 			 * file contents with O_APPEND being set.
 			 */
 			if (SUCCESS != php_stream_cast(connection->info->fp, PHP_STREAM_AS_FD, (void*)&connection->info->fd, 1)) {
 				php_error_docref(NULL, E_WARNING, "Could not cast stream");
-				efree(resource_key);
-				zval_ptr_dtor(return_value);
-				RETURN_FALSE;
+				goto fail;
 #ifdef F_SETFL
 			} else if (modenr == DBA_CREAT) {
 				int flags = fcntl(connection->info->fd, F_GETFL);
@@ -931,9 +925,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, bool persistent)
 				php_error_docref(NULL, E_WARNING, "Driver initialization failed for handler: %s", hptr->name);
 			}
 		}
-		efree(resource_key);
-		zval_ptr_dtor(return_value);
-		RETURN_FALSE;
+		goto fail;
 	}
 
 	connection->info->hnd = hptr;
@@ -942,13 +934,22 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, bool persistent)
 		if (zend_register_persistent_resource(resource_key, resource_key_len, connection->info, le_pdb) == NULL) {
 			php_error_docref(NULL, E_WARNING, "Could not register persistent resource");
 			efree(resource_key);
+			dba_close_connection(connection);
 			zval_ptr_dtor(return_value);
 			RETURN_FALSE;
 		}
 	}
 
 	zend_hash_add_new(&DBA_G(connections), connection->hash, return_value);
 	efree(resource_key);
+	return;
+fail:
+	efree(resource_key);
+	zend_string_release_ex(connection->hash, persistent);
+	dba_close_info(connection->info);
+	connection->info = NULL;
+	zval_ptr_dtor(return_value);
+	RETURN_FALSE;
 }
 /* }}} */
 

ext/dba/tests/gh18247.phpt

@@ -0,0 +1,12 @@
+--TEST--
+GH-18247: dba_open() memory leak on invalid path
+--EXTENSIONS--
+dba
+--FILE--
+<?php
+var_dump(dba_popen('/inexistent', 'r'));
+?>
+--EXPECTF--
+
+Warning: dba_popen(/inexistent): Failed to open stream: No such file or directory in %s on line %d
+bool(false)