If the certificate arrays happen to be sparsely indexed this can blow out the memory.

Andrew Thompson · Andrew Thompson · commit dd46a0bfce7c · 2017-05-25T14:58:17.000+12:00
One scenario is indexing the certificates based on the short hash, php
will magically expand this hex string in to a very large index number.
eg,
 'd5c242d7' =&gt; '-----BEGIN CERTIFICATE-----...'
will cause loop to go from i=0 to i=3586278103
diff --git a/lib/Saml2/Settings.php b/lib/Saml2/Settings.php
@@ -941,13 +941,13 @@ public function formatIdPCertMulti()
     {
         if (isset($this->_idp['x509certMulti'])) {
             if (isset($this->_idp['x509certMulti']['signing'])) {
-                for ($i=0; $i < count($this->_idp['x509certMulti']['signing']); $i++) {
-                    $this->_idp['x509certMulti']['signing'][$i] = OneLogin_Saml2_Utils::formatCert($this->_idp['x509certMulti']['signing'][$i]);
+                foreach($this->_idp['x509certMulti']['signing'] as $i => $cert) {
+                    $this->_idp['x509certMulti']['signing'][$i] = OneLogin_Saml2_Utils::formatCert($cert);
                 }
             }
             if (isset($this->_idp['x509certMulti']['encryption'])) {
-                for ($i=0; $i < count($this->_idp['x509certMulti']['encryption']); $i++) {
-                    $this->_idp['x509certMulti']['encryption'][$i] = OneLogin_Saml2_Utils::formatCert($this->_idp['x509certMulti']['encryption'][$i]);
+                foreach($this->_idp['x509certMulti']['encryption'] as $i => $cert) {
+                    $this->_idp['x509certMulti']['encryption'][$i] = OneLogin_Saml2_Utils::formatCert($cert);
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -941,13 +941,13 @@ public function formatIdPCertMulti()`
`941`	`941`	`{`
`942`	`942`	`if (isset($this->_idp['x509certMulti'])) {`
`943`	`943`	`if (isset($this->_idp['x509certMulti']['signing'])) {`
`944`		`- for ($i=0; $i < count($this->_idp['x509certMulti']['signing']); $i++) {`
`945`		`- $this->_idp['x509certMulti']['signing'][$i] = OneLogin_Saml2_Utils::formatCert($this->_idp['x509certMulti']['signing'][$i]);`
	`944`	`+ foreach($this->_idp['x509certMulti']['signing'] as $i => $cert) {`
	`945`	`+ $this->_idp['x509certMulti']['signing'][$i] = OneLogin_Saml2_Utils::formatCert($cert);`
`946`	`946`	`}`
`947`	`947`	`}`
`948`	`948`	`if (isset($this->_idp['x509certMulti']['encryption'])) {`
`949`		`- for ($i=0; $i < count($this->_idp['x509certMulti']['encryption']); $i++) {`
`950`		`- $this->_idp['x509certMulti']['encryption'][$i] = OneLogin_Saml2_Utils::formatCert($this->_idp['x509certMulti']['encryption'][$i]);`
	`949`	`+ foreach($this->_idp['x509certMulti']['encryption'] as $i => $cert) {`
	`950`	`+ $this->_idp['x509certMulti']['encryption'][$i] = OneLogin_Saml2_Utils::formatCert($cert);`
`951`	`951`	`}`
`952`	`952`	`}`
`953`	`953`	`}`