PHP :: Bug #54230 :: stream_socket_accept leaks memory on SSL protocol using peer parameter

Bug #54230

stream_socket_accept leaks memory on SSL protocol using peer parameter

Submitted:

2011-03-11 20:40 UTC

Modified:

2021-08-08 04:22 UTC

Votes:	3
Avg. Score:	4.3 ± 0.5
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

bas at baspeters dot com

Assigned:

cmb (profile)

Status:

No Feedback

Package:

Streams related

PHP Version:

5.3.5

OS:

Linux, FreeBSD, OSX

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	bas at baspeters dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2011-03-11 20:40 UTC] bas at baspeters dot com

Description:
------------
I encountered a memory leak issue when creating an SSL enabled socket server in a long lived process. When an incoming listening socket is accepted on either the SSL or TLS protocol, the &$peer passthrough variable in the stream_socket_accept function causes a memory leak.

NOTE: The test script below needs a valid certificate.pem file to work!!
NOTE: The test script spawns a webserver to be reached on 127.0.0.1:8888
NOTE: Testing can be done in a browser by choosing appropriate protocol (http/https) and perform regular page refreshes

Test matrix:
SSL=true, PEER=true   -> memory leak!
SSL=false, PEER=true  -> no memory leak
SSL=true, PEER=false  -> no memory leak
SSL=false, PEER=false -> no memory leak

Test script:
---------------
define('SSL', true);
define('PEER', true);

$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', 'certificate.pem');
stream_context_set_option($context, 'ssl', 'passphrase', 'password');
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);

if(SSL) {
   $server = stream_socket_server("ssl://0.0.0.0:8888", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
} else {
   $server = stream_socket_server("tcp://0.0.0.0:8888", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN);
}

while(true) {
   if(PEER) { $client = @stream_socket_accept($server, 2, $peer); } else { $client = @stream_socket_accept($server, 2); }
   if($client === false) continue;
   @fwrite($client, "HTTP/1.1 200 OK\r\n\r\nMemory usage: ".memory_get_usage().' bytes');
   @fclose($client);
}

Expected result:
----------------
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes

Actual result:
--------------
Memory usage: 641368 bytes
Memory usage: 641560 bytes
Memory usage: 641752 bytes
Memory usage: 641944 bytes
Memory usage: 642232 bytes
Memory usage: 642424 bytes
Memory usage: 642616 bytes
Memory usage: 642808 bytes
Memory usage: 643000 bytes
Memory usage: 643192 bytes
Memory usage: 643384 bytes
Memory usage: 643576 bytes

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-03-11 21:38 UTC] bas at baspeters dot com

-Package: OpenSSL related +Package: Sockets related

[2011-03-11 21:38 UTC] bas at baspeters dot com

For those who want to test but are unable to supply the required certificate.pem file, here is a link:
http://www.baspeters.com/patches/certificate.pem
password is 'password' as stated in the test script.

I have changed the Package from 'OpenSSL' to 'Sockets related' because I think it is a better match.

[2011-03-12 00:14 UTC] felipe@php.net

I can't reproduce it. (OpenSSL 0.9.8g)

int(348020)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)

[2011-03-14 19:18 UTC] bas at baspeters dot com

-Operating System: Linux, OSX +Operating System: Linux, FreeBSD, OSX

[2011-03-14 19:18 UTC] bas at baspeters dot com

I have managed to reproduce this behavior on the following systems:
FreeBSD 6.2                - PHP 5.4.2 - OpenSSL 0.9.7e-p1
FreeBSD 6.1                - PHP 5.2.0 - OpenSSL 0.9.7e-p1
Centos 2.6.18-194.32.1.el5 - PHP 5.3.5 - OpenSSL 0.9.8e-fips-rhel5
OSX 10.6.6                 - PHP 5.3.5 - OpenSSL 1.0.0d

Memory leak may be accelerated by pressing and holding F5 / CTRL-R / CMD-R in the browser window causing it to refresh at a rapid pace.

[2011-05-09 16:23 UTC] cataphract@php.net

I can reproduce, but it's time sensitive.

[2011-12-12 01:05 UTC] cataphract@php.net

-Package: Sockets related +Package: Streams related

[2021-07-27 13:31 UTC] cmb@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb

[2021-07-27 13:31 UTC] cmb@php.net

Does this still happen to you with any of the actively supported
PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>

[2021-08-08 04:22 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Jul 14 20:01:55 2025 UTC