From f5dd1bf68c896cf6ed8ec9af0aad5aa66b16b1f2 Mon Sep 17 00:00:00 2001
From: Jarne Clauw <67628242+JarneClauw@users.noreply.github.com>
Date: Mon, 13 Apr 2026 18:11:49 +0200
Subject: [PATCH 1/2] Fixing memory leak

---
 ext/phar/util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ext/phar/util.c b/ext/phar/util.c
index a1f9863ae3a98..ebcba09c74648 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1640,6 +1640,9 @@ zend_result phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t s
 				if (md_ctx) {
 					EVP_MD_CTX_destroy(md_ctx);
 				}
+				if (key) {
+					EVP_PKEY_free(key);
+				}
 				if (error) {
 					spprintf(error, 0, "openssl signature could not be verified");
 				}

From 9a8a5d2c887ab1288f8ddb3d929430e9d997f304 Mon Sep 17 00:00:00 2001
From: Jarne Clauw <67628242+JarneClauw@users.noreply.github.com>
Date: Tue, 14 Apr 2026 12:04:47 +0200
Subject: [PATCH 2/2] Removing conditional

---
 ext/phar/util.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ext/phar/util.c b/ext/phar/util.c
index ebcba09c74648..fe177f9644436 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1640,9 +1640,7 @@ zend_result phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t s
 				if (md_ctx) {
 					EVP_MD_CTX_destroy(md_ctx);
 				}
-				if (key) {
-					EVP_PKEY_free(key);
-				}
+				EVP_PKEY_free(key);
 				if (error) {
 					spprintf(error, 0, "openssl signature could not be verified");
 				}