php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75363 openssl_x509_parse leaks memory
Submitted: 2017-10-12 08:21 UTC Modified: -
From: kelunik@php.net Assigned:
Status: Closed Package: OpenSSL related
PHP Version: 7.2.0RC4 OS: Linux
Private report: No CVE-ID: None
 [2017-10-12 08:21 UTC] kelunik@php.net
Description:
------------
openssl_x509_parse leaks memory, which is never freed again. Test certificate is the Let's Encrypt root certificate: https://letsencrypt.org/certs/isrgrootx1.pem.txt

https://bugs.php.net/bug.php?id=38261 is already closed and is only about invalid certificates.

Test script:
---------------
<?php

$pem = file_get_contents(__DIR__ . "/test.crt");
$i = 0;

while (true) {
    $cert = openssl_x509_read($pem);
    $info = openssl_x509_parse($cert); // <-- without it, it doesn't leak
    openssl_x509_free($cert);
    unset($cert);

    if ($i++ % 10000 === 0) {
        print PHP_EOL;
        print memory_get_usage(true);
        print PHP_EOL;
    }
}

Expected result:
----------------
2097152

2097152

2097152

2097152

2097152

2097152

2097152

2097152

Actual result:
--------------
2097152

2097152

4194304

4194304

6295552

6295552

6295552

8392704

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-12 10:30 UTC] bwoebi@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a55af1e2719d2f0abac21a9a3db04f960b4fbd38
Log: Fixed bug #75363 (openssl_x509_parse leaks memory)
 [2017-10-12 10:30 UTC] bwoebi@php.net
-Status: Open +Status: Closed
 [2017-10-12 10:31 UTC] bwoebi@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a55af1e2719d2f0abac21a9a3db04f960b4fbd38
Log: Fixed bug #75363 (openssl_x509_parse leaks memory)
 [2017-10-12 10:32 UTC] bwoebi@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a55af1e2719d2f0abac21a9a3db04f960b4fbd38
Log: Fixed bug #75363 (openssl_x509_parse leaks memory)
 [2017-10-12 10:32 UTC] bwoebi@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a55af1e2719d2f0abac21a9a3db04f960b4fbd38
Log: Fixed bug #75363 (openssl_x509_parse leaks memory)
 [2017-10-15 19:27 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=999fe36d404a375864202a1b2d90de111ddd1b25
Log: Properly fix #75363 and address some other leaks with cert
 [2017-10-15 19:33 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=999fe36d404a375864202a1b2d90de111ddd1b25
Log: Properly fix #75363 and address some other leaks with cert
 [2017-10-15 19:35 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=999fe36d404a375864202a1b2d90de111ddd1b25
Log: Properly fix #75363 and address some other leaks with cert
 [2017-10-16 08:55 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=999fe36d404a375864202a1b2d90de111ddd1b25
Log: Properly fix #75363 and address some other leaks with cert
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 03:01:29 2024 UTC