PHP :: Bug #74099 :: Memory leak with openssl

Bug #74099	Memory leak with openssl_encrypt()
Submitted:	2017-02-15 09:30 UTC	Modified:	-
From:	marcel at webdisplay dot nl	Assigned:
Status:	Closed	Package:	OpenSSL related
PHP Version:	7.1.1	OS:	macOS Sierra
Private report:	No	CVE-ID:	None

View Developer Edit

[2017-02-15 09:30 UTC] marcel at webdisplay dot nl

Description:
------------
Encrypting an empty string in AES-256-GCM should return an empty string and valid tag but instead it returns 32 bytes of data from memory which could leak information.

Test script:
---------------
$aad = random_bytes(32);
$iv = random_bytes(16);
$key = random_bytes(32);

$plaintext = '';
$tag = null;

$ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key, \OPENSSL_RAW_DATA, $iv, $tag, $aad);

// $ciphertext should be an empty string but it is not in PHP 7.1.*
// Instead it returns random data from memory!
printf("ciphertext=%s, tag=%s", bin2hex($ciphertext), bin2hex($tag));


Expected result:
----------------
An empty string must be returned

Actual result:
--------------
A 32-byte string from memory is returned

Patches

Pull Requests

Pull requests:

Fixed #74099 - Memory leak with openssl_encrypt() (php-src/2389)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-02-17 09:36 UTC] andrew dot nester dot dev at gmail dot com

Thanks for reporting this issue! Just added PR with fix for this.

[2017-02-17 20:23 UTC] nikic@php.net

Automatic comment on behalf of andrew.nester.dev@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=15b8b124ae1017dc31dae46cee73b702d77f85b8
Log: Fixed #74099 - Memory leak with openssl_encrypt()

[2017-02-17 20:23 UTC] nikic@php.net

-Status: Open +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Feb 22 17:01:28 2025 UTC