PHP :: Bug #54230 :: stream_socket_accept leaks memory on SSL protocol using peer parameter

Bug #54230

stream_socket_accept leaks memory on SSL protocol using peer parameter

Submitted:

2011-03-11 20:40 UTC

Modified:

2011-12-12 01:05 UTC

Votes:	3
Avg. Score:	4.3 ± 0.5
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

bas at baspeters dot com

Assigned:

Status:

Open

Package:

Streams related

PHP Version:

5.3.5

OS:

Linux, FreeBSD, OSX

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	bas at baspeters dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2011-03-11 20:40 UTC] bas at baspeters dot com

Description:
------------
I encountered a memory leak issue when creating an SSL enabled socket server in a long lived process. When an incoming listening socket is accepted on either the SSL or TLS protocol, the &$peer passthrough variable in the stream_socket_accept function causes a memory leak.

NOTE: The test script below needs a valid certificate.pem file to work!!
NOTE: The test script spawns a webserver to be reached on 127.0.0.1:8888
NOTE: Testing can be done in a browser by choosing appropriate protocol (http/https) and perform regular page refreshes

Test matrix:
SSL=true, PEER=true   -> memory leak!
SSL=false, PEER=true  -> no memory leak
SSL=true, PEER=false  -> no memory leak
SSL=false, PEER=false -> no memory leak

Test script:
---------------
define('SSL', true);
define('PEER', true);

$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', 'certificate.pem');
stream_context_set_option($context, 'ssl', 'passphrase', 'password');
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);

if(SSL) {
   $server = stream_socket_server("ssl://0.0.0.0:8888", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
} else {
   $server = stream_socket_server("tcp://0.0.0.0:8888", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN);
}

while(true) {
   if(PEER) { $client = @stream_socket_accept($server, 2, $peer); } else { $client = @stream_socket_accept($server, 2); }
   if($client === false) continue;
   @fwrite($client, "HTTP/1.1 200 OK\r\n\r\nMemory usage: ".memory_get_usage().' bytes');
   @fclose($client);
}

Expected result:
----------------
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes

Actual result:
--------------
Memory usage: 641368 bytes
Memory usage: 641560 bytes
Memory usage: 641752 bytes
Memory usage: 641944 bytes
Memory usage: 642232 bytes
Memory usage: 642424 bytes
Memory usage: 642616 bytes
Memory usage: 642808 bytes
Memory usage: 643000 bytes
Memory usage: 643192 bytes
Memory usage: 643384 bytes
Memory usage: 643576 bytes

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-03-11 21:38 UTC] bas at baspeters dot com

-Package: OpenSSL related +Package: Sockets related

[2011-03-11 21:38 UTC] bas at baspeters dot com

For those who want to test but are unable to supply the required certificate.pem file, here is a link:
http://www.baspeters.com/patches/certificate.pem
password is 'password' as stated in the test script.

I have changed the Package from 'OpenSSL' to 'Sockets related' because I think it is a better match.

[2011-03-12 00:14 UTC] felipe@php.net

I can't reproduce it. (OpenSSL 0.9.8g)

int(348020)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)

[2011-03-14 19:18 UTC] bas at baspeters dot com

-Operating System: Linux, OSX +Operating System: Linux, FreeBSD, OSX

[2011-03-14 19:18 UTC] bas at baspeters dot com

I have managed to reproduce this behavior on the following systems:
FreeBSD 6.2                - PHP 5.4.2 - OpenSSL 0.9.7e-p1
FreeBSD 6.1                - PHP 5.2.0 - OpenSSL 0.9.7e-p1
Centos 2.6.18-194.32.1.el5 - PHP 5.3.5 - OpenSSL 0.9.8e-fips-rhel5
OSX 10.6.6                 - PHP 5.3.5 - OpenSSL 1.0.0d

Memory leak may be accelerated by pressing and holding F5 / CTRL-R / CMD-R in the browser window causing it to refresh at a rapid pace.

[2011-05-09 16:23 UTC] cataphract@php.net

I can reproduce, but it's time sensitive.

[2011-12-12 01:05 UTC] cataphract@php.net

-Package: Sockets related +Package: Streams related

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2019 The PHP Group All rights reserved.	Last updated: Thu Dec 12 19:01:25 2019 UTC