From b5c17e76a29af3c4a3f6bd0019f190995f069b48 Mon Sep 17 00:00:00 2001
From: Nora Dossche <7771979+ndossche@users.noreply.github.com>
Date: Tue, 2 Jun 2026 22:37:21 +0200
Subject: [PATCH] openssl: fix memory leaks when session callback returns wrong
 type (#21966)

---
 ext/openssl/xp_ssl.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 307cc3489c3c..f94059673ed0 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -2051,13 +2051,12 @@ static SSL_SESSION *php_openssl_session_get_cb(SSL *ssl, const unsigned char *se
 				SSL_SESSION_up_ref(obj->session);
 				session = obj->session;
 			}
-			zval_ptr_dtor(&retval);
 		} else if (Z_TYPE(retval) != IS_NULL) {
 			zend_type_error("session_get_cb return type must be null or OpenSSLSession");
-			return NULL;
 		}
 	}
 
+	zval_ptr_dtor(&retval);
 	zval_ptr_dtor(&args[1]);
 
 	*copy = 0;