PHP :: Bug #65228 :: FTPs memory leak

Bug #65228

FTPs memory leak

Submitted:

2013-07-09 20:49 UTC

Modified:

2013-07-13 20:56 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	0 (0.0%)

From:

marco dot beierer at mbsecurity dot ch

Assigned:

felipe (profile)

Status:

Closed

Package:

FTP related

PHP Version:

5.5.0

OS:

Gentoo Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	marco dot beierer at mbsecurity dot ch
New email:
PHP Version:		OS:

New Comment:

[2013-07-09 20:49 UTC] marco dot beierer at mbsecurity dot ch

Description:
------------
There is a memory leak in the functions ftp_login, ftp_get and ftp_fget, if FTP is used over SSL.

The leak is caused in the file ext/ftp/ftp.c, because just SSL_shutdown(), but not SSL_free(), is called when the connection gets closed.

I have tested the PHP versions 5.3.23, 5.4.13 and 5.5.0 and all are affected by this issue.

The memory leak could be reproduced by connecting to a FTP server via FTPs (see test script).

Please find attached a patch for this issue, but I am not a C expert and thus the patch maybe not perfect. Especially the part for freeing SSL_CTX. However the patch works fine and fixes the problem.

Test script:
---------------
<?php
$hostname = '';
$port = '21';
$username = '';
$password = '';

$file = 'index.php';

$connection = ftp_ssl_connect($hostname, $port);

ftp_login($connection, $username, $password);
ftp_pasv($connection, true);
ftp_get($connection, $file, $file, FTP_ASCII);
?>

Expected result:
----------------
No memory leak.

Actual result:
--------------
==16800== 59,938 (808 direct, 59,130 indirect) bytes in 1 blocks are definitely lost in loss record 211 of 227
==16800==    at 0x4C2B4CB: malloc (vg_replace_malloc.c:270)
==16800==    by 0x701E0AD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0)
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x5069B4: data_accept (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x508A25: ftp_get (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x5054A5: zif_ftp_get (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF64DC4: ???
==16800==    by 0x7D99D1: zend_do_fcall_common_helper_SPEC (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x78D903: execute (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF66501: ???
==16800==    by 0x72696A: zend_execute_scripts (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x6B9E77: php_execute_script (in /usr/lib64/php5.4/bin/php)


==16800== 616,834 (808 direct, 616,026 indirect) bytes in 1 blocks are definitely lost in loss record 227 of 227
==16800==    at 0x4C2B4CB: malloc (vg_replace_malloc.c:270)
==16800==    by 0x701E0AD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0)
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x50766C: ftp_login (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x506479: zif_ftp_login (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF64DC4: ???
==16800==    by 0x7D99D1: zend_do_fcall_common_helper_SPEC (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x78D903: execute (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF66501: ???
==16800==    by 0x72696A: zend_execute_scripts (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x6B9E77: php_execute_script (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x7DC7CD: do_cli (in /usr/lib64/php5.4/bin/php)


==16800== LEAK SUMMARY:
==16800==    definitely lost: 1,622 bytes in 3 blocks
==16800==    indirectly lost: 675,156 bytes in 1,054 blocks
==16800==      possibly lost: 687,752 bytes in 15 blocks
==16800==    still reachable: 3,636 bytes in 8 blocks
==16800==         suppressed: 0 bytes in 0 blocks


==16800== ERROR SUMMARY: 1227 errors from 1017 contexts (suppressed: 2 from 2)

Patches

ftp.c.patch (last revision 2013-07-09 20:49 UTC by marco dot beierer at mbsecurity dot ch)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-07-09 20:56 UTC] marco dot beierer at mbsecurity dot ch

I forgot to close the FTPs connection in the test script, but that does not affect the result...

[2013-07-13 20:55 UTC] felipe@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: felipe

[2013-07-13 20:55 UTC] felipe@php.net

The patch has been applied to 5.4+ branches.

http://git.php.net/?p=php-src.git;a=commitdiff;h=0863a0d6a0f740874b4ef8dc732a4ec94949470c

Thanks for the patch.

[2013-07-13 20:56 UTC] felipe@php.net

-Package: Streams related +Package: FTP related

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 12:01:29 2024 UTC