Patch for 73275

73275.diff

commit 8822f7c9f0be2f591f8fa58834c5e1bc529b24dc
Author: Stanislav Malyshev <stas@php.net>
Date:   Tue Oct 11 13:19:20 2016 -0700

    fix bug #73275 - crash in openssl_encrypt function

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 844132b..33593e7 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -5260,7 +5260,7 @@ PHP_FUNCTION(openssl_encrypt)
 	free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC);
 
 	outlen = data_len + EVP_CIPHER_block_size(cipher_type);
-	outbuf = emalloc(outlen + 1);
+	outbuf = safe_emalloc(outlen, 1, 1);
 
 	EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
 	if (password_len > keylen) {
@@ -5278,15 +5278,19 @@ PHP_FUNCTION(openssl_encrypt)
 		outlen += i;
 		if (options & OPENSSL_RAW_DATA) {
 			outbuf[outlen] = '\0';
-			RETVAL_STRINGL((char *)outbuf, outlen, 0);
+			RETVAL_STRINGL_CHECK((char *)outbuf, outlen, 0);
 		} else {
 			int base64_str_len;
 			char *base64_str;
 
 			base64_str = (char*)php_base64_encode(outbuf, outlen, &base64_str_len);
 			efree(outbuf);
+			if (!base64_str) {
+				RETVAL_FALSE;
+			} else {
 				RETVAL_STRINGL(base64_str, base64_str_len, 0);
 			}
+		}
 	} else {
 		efree(outbuf);
 		RETVAL_FALSE;