php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69402 Reading empty SSL stream hangs until timeout
Submitted: 2015-04-09 06:08 UTC Modified: 2015-04-14 15:34 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: carl dot vuorinen at w3 dot fi Assigned: rdlowrey (profile)
Status: Closed Package: Streams related
PHP Version: 5.6.7 OS: Ubuntu
Private report: No CVE-ID: None
View Developer Edit
 [2015-04-09 06:08 UTC] carl dot vuorinen at w3 dot fi 
Description:
------------
Connecting to an SSL socket stream and trying to read from the stream when it's empty, results in the script hanging with 100% CPU usage until timeout (either socket timeout or PHP max execution time, which ever comes first).

Only environment where I (and others) have been able to reproduce this is PHP 5.6.7 on Ubuntu 14.04. I have tested on few CentOS servers with PHP 5.4, 5.5 and 5.6 and they all work fine. Also on a Debian server with PHP 5.4 the same script works fine.

More info here: https://github.com/zendframework/ZendService_Apple_Apns/issues/19

Test script:
---------------
Unfortunately I haven't been able to reproduce this without a valid SSL stream so the example code requires a connection to Apple APNS sandbox server and a valid local certificate provided by Apple (which I obviously cannot share). If anyone knows how this kind of connection could be established in a more generic and easily reproducible way, that would be great.

https://gist.github.com/cvuorinen/1640b1a8ff2a7a19dd8e

Expected result:
----------------
string(0) ""

Actual result:
--------------
Fatal error: Maximum execution time of 10 seconds exceeded in /tmp/stream_test.php on line 27

Call Stack:
    0.0001     233600   1. {main}() /tmp/stream_test.php:0
    0.4907     236528   2. fread() /tmp/stream_test.php:27

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-11 23:02 UTC] requinix@php.net 
Related To: Bug #69428
 [2015-04-11 23:03 UTC] requinix@php.net
-Operating System: Ubuntu 14.04 +Operating System: Ubuntu
 [2015-04-11 23:03 UTC] requinix@php.net 
Bug #69428 repros this using an IRC server on the other end.
 [2015-04-13 20:02 UTC] schmidt dot a at rogers dot com 
I've experienced the same thing on 5.5.23 (this did not occur in 5.5.22).  There were 4 issues fixed in 5.5.23 related to streams and openssl.
 [2015-04-14 13:57 UTC] rdlowrey@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: rdlowrey
 [2015-04-14 14:11 UTC] rdlowrey@php.net
-Status: Assigned +Status: Verified
 [2015-04-14 15:28 UTC] rdlowrey@php.net 
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=601d60a978b9e053ab8e6dc0f12ff850fc642ced
Log: Fix Bug #69402: Reading empty SSL stream hangs until timeout
 [2015-04-14 15:28 UTC] rdlowrey@php.net
-Status: Verified +Status: Closed
 [2015-04-14 15:28 UTC] rdlowrey@php.net 
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=81f356b4aea79cd8f86e16096c7ccfbc455bfc3c
Log: Fix Bug #69402: Reading empty SSL stream hangs until timeout
 [2015-04-14 15:28 UTC] rdlowrey@php.net 
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=81f356b4aea79cd8f86e16096c7ccfbc455bfc3c
Log: Fix Bug #69402: Reading empty SSL stream hangs until timeout
 [2015-04-14 15:34 UTC] rdlowrey@php.net 
This is now fixed upstream in 5.5 and 5.6 branches. The RC period has already begun for 5.5.24 and 5.6.8 so this fix will not be reflected in releases until 5.5.25 and 5.6.9.

In the meantime you can try with the latest snap builds (after a few hours pass):

http://snaps.php.net/
http://windows.php.net/snapshots/
 [2015-04-14 18:13 UTC] stas@php.net 
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=601d60a978b9e053ab8e6dc0f12ff850fc642ced
Log: Fix Bug #69402: Reading empty SSL stream hangs until timeout
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Apr 07 12:01:29 2025 UTC