From c1c09bb3d52a72e6e4366fea638913f356e7b2d3 Mon Sep 17 00:00:00 2001
From: ndossche <7771979+ndossche@users.noreply.github.com>
Date: Wed, 6 May 2026 18:05:31 +0200
Subject: [PATCH] openssl: fix memory leaks when session callback returns wrong
 type

---
 ext/openssl/xp_ssl.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index ed72ca49677f..9074cf7087ad 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -1634,13 +1634,12 @@ static SSL_SESSION *php_openssl_session_get_cb(SSL *ssl, const unsigned char *se
 				SSL_SESSION_up_ref(obj->session);
 				session = obj->session;
 			}
-			zval_ptr_dtor(&retval);
 		} else if (Z_TYPE(retval) != IS_NULL) {
 			zend_type_error("session_get_cb return type must be null or OpenSSLSession");
-			return NULL;
 		}
 	}
 
+	zval_ptr_dtor(&retval);
 	zval_ptr_dtor(&args[1]);
 
 	*copy = 0;