php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #75363 openssl_x509_parse leaks memory
Submitted: 2017-10-12 08:21 UTC Modified: -
From: kelunik@php.net Assigned:
Status: Closed Package: OpenSSL related
PHP Version: 7.2.0RC4 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: kelunik@php.net
New email:
PHP Version: OS:

 

 [2017-10-12 08:21 UTC] kelunik@php.net 
Description:
------------
openssl_x509_parse leaks memory, which is never freed again. Test certificate is the Let's Encrypt root certificate: https://letsencrypt.org/certs/isrgrootx1.pem.txt

https://bugs.php.net/bug.php?id=38261 is already closed and is only about invalid certificates.

Test script:
---------------
<?php

$pem = file_get_contents(__DIR__ . "/test.crt");
$i = 0;

while (true) {
    $cert = openssl_x509_read($pem);
    $info = openssl_x509_parse($cert); // <-- without it, it doesn't leak
    openssl_x509_free($cert);
    unset($cert);

    if ($i++ % 10000 === 0) {
        print PHP_EOL;
        print memory_get_usage(true);
        print PHP_EOL;
    }
}

Expected result:
----------------
2097152

2097152

2097152

2097152

2097152

2097152

2097152

2097152

Actual result:
--------------
2097152

2097152

4194304

4194304

6295552

6295552

6295552

8392704

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-12 10:30 UTC] bwoebi@php.net 
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a55af1e2719d2f0abac21a9a3db04f960b4fbd38
Log: Fixed bug #75363 (openssl_x509_parse leaks memory)
 [2017-10-12 10:30 UTC] bwoebi@php.net
-Status: Open +Status: Closed
 [2017-10-12 10:31 UTC] bwoebi@php.net 
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a55af1e2719d2f0abac21a9a3db04f960b4fbd38
Log: Fixed bug #75363 (openssl_x509_parse leaks memory)
 [2017-10-12 10:32 UTC] bwoebi@php.net 
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a55af1e2719d2f0abac21a9a3db04f960b4fbd38
Log: Fixed bug #75363 (openssl_x509_parse leaks memory)
 [2017-10-12 10:32 UTC] bwoebi@php.net 
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a55af1e2719d2f0abac21a9a3db04f960b4fbd38
Log: Fixed bug #75363 (openssl_x509_parse leaks memory)
 [2017-10-15 19:27 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=999fe36d404a375864202a1b2d90de111ddd1b25
Log: Properly fix #75363 and address some other leaks with cert
 [2017-10-15 19:33 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=999fe36d404a375864202a1b2d90de111ddd1b25
Log: Properly fix #75363 and address some other leaks with cert
 [2017-10-15 19:35 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=999fe36d404a375864202a1b2d90de111ddd1b25
Log: Properly fix #75363 and address some other leaks with cert
 [2017-10-16 08:55 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=999fe36d404a375864202a1b2d90de111ddd1b25
Log: Properly fix #75363 and address some other leaks with cert
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Nov 23 08:01:28 2024 UTC