Handle BSON encoding exceptions in encrypt/decrypt

jmikola · jmikola · commit f0f2f15235ef · 2023-05-29T12:57:28.000+08:00
Note that it is not possible to write a test for decrypt() since Binary instances always encode to BSON.
diff --git a/src/MongoDB/ClientEncryption.c b/src/MongoDB/ClientEncryption.c
@@ -1012,6 +1012,10 @@ static void phongo_clientencryption_encrypt(php_phongo_clientencryption_t* clien
 
 	php_phongo_zval_to_bson_value(zvalue, PHONGO_BSON_NONE, &value);
 
+	if (EG(exception)) {
+		goto cleanup;
+	}
+
 	opts = phongo_clientencryption_encrypt_opts_from_zval(options);
 
 	if (!opts) {
@@ -1085,6 +1089,10 @@ static void phongo_clientencryption_decrypt(php_phongo_clientencryption_t* clien
 
 	php_phongo_zval_to_bson_value(zciphertext, PHONGO_BSON_NONE, &ciphertext);
 
+	if (EG(exception)) {
+		goto cleanup;
+	}
+
 	if (!mongoc_client_encryption_decrypt(clientencryption->client_encryption, &ciphertext, &value, &error)) {
 		phongo_throw_exception_from_bson_error_t(&error);
 		goto cleanup;
diff --git a/tests/clientEncryption/clientEncryption-encrypt_error-001.phpt b/tests/clientEncryption/clientEncryption-encrypt_error-001.phpt
@@ -0,0 +1,42 @@
+--TEST--
+MongoDB\Driver\ClientEncryption::encrypt() BSON encoding errors
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; ?>
+<?php skip_if_not_libmongocrypt(); ?>
+--FILE--
+<?php
+
+require_once __DIR__ . "/../utils/basic.inc";
+
+$manager = create_test_manager();
+
+$clientEncryption = $manager->createClientEncryption([
+    'keyVaultNamespace' => CSFLE_KEY_VAULT_NS,
+    'kmsProviders' => ['local' => ['key' => new MongoDB\BSON\Binary(CSFLE_LOCAL_KEY, 0)]],
+]);
+
+class SerializableError implements MongoDB\BSON\Serializable {
+    #[\ReturnTypeWillChange]
+    public function bsonSerialize()
+    {
+        throw new RuntimeException('bsonSerialize() error');
+    }
+}
+
+echo throws(function() use ($clientEncryption) {
+    $clientEncryption->encrypt(new SerializableError());
+}, RuntimeException::class), "\n";
+
+echo throws(function() use ($clientEncryption) {
+    $clientEncryption->encrypt('top-secret', ['keyId' => new SerializableError()]);
+}, RuntimeException::class), "\n";
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+OK: Got RuntimeException
+bsonSerialize() error
+OK: Got RuntimeException
+bsonSerialize() error
+===DONE===
