phar: Fix memory leaks when creating temp file fails when applying zip signature

Also fixes up the error propagation at the call site which jumped to the
wrong place in the error handling code.

Closes phpGH-20057.

Author: nielsdos

NEWS

@@ -38,6 +38,8 @@ PHP                                                                        NEWS
 - Phar:
   . Fix memory leak and invalid continuation after tar header writing fails.
     (nielsdos)
+  . Fix memory leaks when creating temp file fails when applying zip signature.
+    (nielsdos)
 
 - SimpleXML:
   . Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).

ext/phar/zip.c

@@ -1192,7 +1192,9 @@ static int phar_zip_applysignature(phar_archive_data *phar, struct _phar_zip_pas
 		entry.fp_type = PHAR_MOD;
 		entry.is_modified = 1;
 		if (entry.fp == NULL) {
+			efree(signature);
 			spprintf(pass->error, 0, "phar error: unable to create temporary file for signature");
+			php_stream_close(newfile);
 			return FAILURE;
 		}
 
@@ -1456,11 +1458,12 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
 
 	phar_metadata_tracker_try_ensure_has_serialized_data(&phar->metadata_tracker, phar->is_persistent);
 	if (temperr) {
+temperror:
 		if (error) {
 			spprintf(error, 4096, "phar zip flush of \"%s\" failed: %s", phar->fname, temperr);
 		}
 		efree(temperr);
-temperror:
+notemperror:
 		php_stream_close(pass.centralfp);
 nocentralerror:
 		php_stream_close(pass.filefp);
@@ -1488,7 +1491,7 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
 			if (error) {
 				spprintf(error, 4096, "phar zip flush of \"%s\" failed: unable to write central-directory", phar->fname);
 			}
-			goto temperror;
+			goto notemperror;
 		}
 	}