Bug #54060 Memory leaks when openssl_encrypt called
Submitted: 2011-02-21 09:16 UTC Modified: 2011-02-21 13:01 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: dovbysh at gmail dot com Assigned: pajoye
Status: Closed Package: OpenSSL related
PHP Version: 5.3SVN-2011-02-21 (snap) OS: Any
Private report: No CVE-ID:
 [2011-02-21 09:16 UTC] dovbysh at gmail dot com
Description:
------------
Memory leaks when I call openssl_encrypt. The test script shows that. I've looked at ext/openssl/openssl.c and according to http://www.openssl.org/docs/crypto/EVP_EncryptInit.html (see the example at the bottom) you should free cipher_ctx. So I've put

EVP_CIPHER_CTX_cleanup(&cipher_ctx);

at line 4722 before 

RETVAL_STRINGL(base64_str, base64_str_len, 0);


I recompiled PHP (make && make install), and after running the test (mem_non_leaks.log) I have decreased memory leaks. It seems it's not a complete patch.


With memory leaks:
valgrind --log-file=mem_eak.log --leak-check=full  ~/php5.3/bin/php -d extension=openssl.so crypt_test_openssl.php

Report:
==31035== 76,713,600 bytes in 199,775 blocks are definitely lost in loss record 128 of 128
==31035==    at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==31035==    by 0x35670DAD91: CRYPTO_malloc (in /lib64/libcrypto.so.0.9.8e)
==31035==    by 0x35670D9450: EVP_CipherInit_ex (in /lib64/libcrypto.so.0.9.8e)
==31035==    by 0x861079C: ???
==31035==    by 0x76BED1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:316)
==31035==    by 0x771E17: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1606)
==31035==    by 0x76AEED: execute (zend_vm_execute.h:107)
==31035==    by 0x737E93: zend_execute_scripts (zend.c:1194)
==31035==    by 0x6B72E5: php_execute_script (main.c:2268)
==31035==    by 0x82AFA7: main (php_cli.c:1193)
==31035== 
==31035== LEAK SUMMARY:
==31035==    definitely lost: 76,713,984 bytes in 199,776 blocks
==31035==    indirectly lost: 0 bytes in 0 blocks
==31035==      possibly lost: 74,880 bytes in 195 blocks
==31035==    still reachable: 100,809 bytes in 1,688 blocks
==31035==         suppressed: 0 bytes in 0 blocks


Almost without memory leaks:
 valgrind --log-file=mem_non_leaks.log --leak-check=full  /home/dovbyshko/php5.3/bin/php -d extension=openssl.so crypt_test_openssl.php

==19014== LEAK SUMMARY:
==19014==    definitely lost: 384 bytes in 1 blocks
==19014==    indirectly lost: 0 bytes in 0 blocks
==19014==      possibly lost: 0 bytes in 0 blocks
==19014==    still reachable: 88,905 bytes in 1,657 blocks
==19014==         suppressed: 0 bytes in 0 blocks



Test script:
---------------
<?php

$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";

$maxi = 200000;
$t = microtime(1);
for ($i=0;$i<$maxi; $i++){
	openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');
}
$t = microtime(1)-$t;
print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n";
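
Added example (not part of the original report or of PHP's code): a small parser that compares the two valgrind LEAK SUMMARY blocks quoted above against the 200,000 iterations of the test script. The function names and the 0.5 threshold are assumptions of this sketch; the log lines are copied from the report.

```python
import re

# LEAK SUMMARY lines copied from the two valgrind reports in this bug report.
BEFORE = """\
==31035== LEAK SUMMARY:
==31035==    definitely lost: 76,713,984 bytes in 199,776 blocks
==31035==    indirectly lost: 0 bytes in 0 blocks
==31035==      possibly lost: 74,880 bytes in 195 blocks
==31035==    still reachable: 100,809 bytes in 1,688 blocks
"""
AFTER = """\
==19014== LEAK SUMMARY:
==19014==    definitely lost: 384 bytes in 1 blocks
==19014==    indirectly lost: 0 bytes in 0 blocks
==19014==      possibly lost: 0 bytes in 0 blocks
==19014==    still reachable: 88,905 bytes in 1,657 blocks
"""

SUMMARY_RE = re.compile(
    r"^==\d+==\s+(definitely lost|indirectly lost|possibly lost|"
    r"still reachable|suppressed):\s+([\d,]+) bytes in ([\d,]+) blocks",
    re.M,
)

def parse_leak_summary(log):
    """Return {category: (bytes, blocks)} from a memcheck LEAK SUMMARY."""
    to_int = lambda s: int(s.replace(",", ""))
    return {m.group(1): (to_int(m.group(2)), to_int(m.group(3)))
            for m in SUMMARY_RE.finditer(log)}

def bytes_per_block(summary, category="definitely lost"):
    """Average size of a lost block; a constant value across runs points
    at one fixed-size allocation that is never released."""
    size, blocks = summary[category]
    return size / blocks if blocks else 0.0

def lost_blocks_per_call(summary, calls):
    """Lost blocks (definite + possible) divided by the number of calls."""
    lost = summary["definitely lost"][1] + summary["possibly lost"][1]
    return lost / calls

def is_per_call_leak(summary, calls, threshold=0.5):
    """Flag a leak that grows with the call count (threshold is an assumption)."""
    return lost_blocks_per_call(summary, calls) >= threshold

if __name__ == "__main__":
    for name, log in (("before", BEFORE), ("after", AFTER)):
        s = parse_leak_summary(log)
        print(name, bytes_per_block(s), lost_blocks_per_call(s, 200000),
              is_per_call_leak(s, 200000))
```

Both runs report an average lost block of exactly 384 bytes; before the patch the lost-block count is about one per loop iteration, after it a single block remains.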



History

 [2011-02-21 10:48 UTC] pajoye@php.net
-Status: Open +Status: Assigned
 [2011-02-21 10:48 UTC] pajoye@php.net
verified, patch on its way.
 [2011-02-21 11:07 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=308531
Log: - fix bug #54060, memory leak in openssl_encrypt
 [2011-02-21 11:07 UTC] pajoye@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pajoye
 [2011-02-21 11:07 UTC] pajoye@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2011-02-21 11:07 UTC] pajoye@php.net
-Operating System: Linux, Any +Operating System:
 [2011-02-21 12:45 UTC] dovbysh at gmail dot com
-Status: Closed +Status: Assigned -Operating System: +Operating System: Any
 [2011-02-21 12:45 UTC] dovbysh at gmail dot com
openssl_decrypt appears to have this bug too...
test script:

<?php

$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";

$maxi = 200000;
$t = microtime(1);
for ($i=0;$i<$maxi; $i++){
	$cr = openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');
	$dcr = openssl_decrypt($cr, 'des3', $pass, false, '1qazxsw2');
	if ($dcr != $data.$i){
		print "at step $i decryption failed\n";
	}
}
$t = microtime(1)-$t;
print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n";
?>

It is fixed by adding this code at line 4818 at the end of openssl_decrypt:
	EVP_CIPHER_CTX_cleanup(&cipher_ctx);
 [2011-02-21 12:51 UTC] pajoye@php.net
-Status: Assigned +Status: Closed
 [2011-02-21 12:51 UTC] pajoye@php.net
Please open a new bug for decrypt.

Also you don't need a loop to reproduce the leak, one run is enough :)
 [2011-02-21 13:01 UTC] dovbysh at gmail dot com
I've opened Bug #54061.
 
Last updated: Sun Apr 20 10:02:06 2014 UTC