php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69402 Reading empty SSL stream hangs until timeout
Submitted: 2015-04-09 06:08 UTC Modified: 2015-04-14 15:34 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: carl dot vuorinen at w3 dot fi Assigned: rdlowrey (profile)
Status: Closed Package: Streams related
PHP Version: 5.6.7 OS: Ubuntu
Private report: No CVE-ID: None
 [2015-04-09 06:08 UTC] carl dot vuorinen at w3 dot fi
Description:
------------
Connecting to an SSL socket stream and trying to read from the stream when it's empty, results in the script hanging with 100% CPU usage until timeout (either socket timeout or PHP max execution time, which ever comes first).

Only environment where I (and others) have been able to reproduce this is PHP 5.6.7 on Ubuntu 14.04. I have tested on few CentOS servers with PHP 5.4, 5.5 and 5.6 and they all work fine. Also on a Debian server with PHP 5.4 the same script works fine.

More info here: https://github.com/zendframework/ZendService_Apple_Apns/issues/19

Test script:
---------------
Unfortunately I haven't been able to reproduce this without a valid SSL stream so the example code requires a connection to Apple APNS sandbox server and a valid local certificate provided by Apple (which I obviously cannot share). If anyone knows how this kind of connection could be established in a more generic and easily reproducible way, that would be great.

https://gist.github.com/cvuorinen/1640b1a8ff2a7a19dd8e

Expected result:
----------------
string(0) ""

Actual result:
--------------
Fatal error: Maximum execution time of 10 seconds exceeded in /tmp/stream_test.php on line 27

Call Stack:
    0.0001     233600   1. {main}() /tmp/stream_test.php:0
    0.4907     236528   2. fread() /tmp/stream_test.php:27

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-11 23:03 UTC] requinix@php.net
-Operating System: Ubuntu 14.04 +Operating System: Ubuntu
 [2015-04-11 23:03 UTC] requinix@php.net
Bug #69428 repros this using an IRC server on the other end.
 [2015-04-13 20:02 UTC] schmidt dot a at rogers dot com
I've experienced the same thing on 5.5.23 (this did not occur in 5.5.22).  There were 4 issues fixed in 5.5.23 related to streams and openssl.
 [2015-04-14 13:57 UTC] rdlowrey@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: rdlowrey
 [2015-04-14 14:11 UTC] rdlowrey@php.net
-Status: Assigned +Status: Verified
 [2015-04-14 15:28 UTC] rdlowrey@php.net
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=601d60a978b9e053ab8e6dc0f12ff850fc642ced
Log: Fix Bug #69402: Reading empty SSL stream hangs until timeout
 [2015-04-14 15:28 UTC] rdlowrey@php.net
-Status: Verified +Status: Closed
 [2015-04-14 15:28 UTC] rdlowrey@php.net
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=81f356b4aea79cd8f86e16096c7ccfbc455bfc3c
Log: Fix Bug #69402: Reading empty SSL stream hangs until timeout
 [2015-04-14 15:28 UTC] rdlowrey@php.net
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=81f356b4aea79cd8f86e16096c7ccfbc455bfc3c
Log: Fix Bug #69402: Reading empty SSL stream hangs until timeout
 [2015-04-14 15:34 UTC] rdlowrey@php.net
This is now fixed upstream in 5.5 and 5.6 branches. The RC period has already begun for 5.5.24 and 5.6.8 so this fix will not be reflected in releases until 5.5.25 and 5.6.9.

In the meantime you can try with the latest snap builds (after a few hours pass):

http://snaps.php.net/
http://windows.php.net/snapshots/
 [2015-04-14 18:13 UTC] stas@php.net
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=601d60a978b9e053ab8e6dc0f12ff850fc642ced
Log: Fix Bug #69402: Reading empty SSL stream hangs until timeout
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 09:01:30 2024 UTC