php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54230 stream_socket_accept leaks memory on SSL protocol using peer parameter
Submitted: 2011-03-11 20:40 UTC Modified: 2011-12-12 01:05 UTC
Votes:3
Avg. Score:4.3 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: bas at baspeters dot com Assigned:
Status: Open Package: Streams related
PHP Version: 5.3.5 OS: Linux, FreeBSD, OSX
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: bas at baspeters dot com
New email:
PHP Version: OS:

 

 [2011-03-11 20:40 UTC] bas at baspeters dot com
Description:
------------
I encountered a memory leak issue when creating an SSL enabled socket server in a long lived process. When an incoming listening socket is accepted on either the SSL or TLS protocol, the &$peer passthrough variable in the stream_socket_accept function causes a memory leak.

NOTE: The test script below needs a valid certificate.pem file to work!!
NOTE: The test script spawns a webserver to be reached on 127.0.0.1:8888
NOTE: Testing can be done in a browser by choosing appropriate protocol (http/https) and perform regular page refreshes

Test matrix:
SSL=true, PEER=true   -> memory leak!
SSL=false, PEER=true  -> no memory leak
SSL=true, PEER=false  -> no memory leak
SSL=false, PEER=false -> no memory leak

Test script:
---------------
define('SSL', true);
define('PEER', true);

$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', 'certificate.pem');
stream_context_set_option($context, 'ssl', 'passphrase', 'password');
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);

if(SSL) {
   $server = stream_socket_server("ssl://0.0.0.0:8888", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
} else {
   $server = stream_socket_server("tcp://0.0.0.0:8888", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN);
}

while(true) {
   if(PEER) { $client = @stream_socket_accept($server, 2, $peer); } else { $client = @stream_socket_accept($server, 2); }
   if($client === false) continue;
   @fwrite($client, "HTTP/1.1 200 OK\r\n\r\nMemory usage: ".memory_get_usage().' bytes');
   @fclose($client);
}

Expected result:
----------------
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes

Actual result:
--------------
Memory usage: 641368 bytes
Memory usage: 641560 bytes
Memory usage: 641752 bytes
Memory usage: 641944 bytes
Memory usage: 642232 bytes
Memory usage: 642424 bytes
Memory usage: 642616 bytes
Memory usage: 642808 bytes
Memory usage: 643000 bytes
Memory usage: 643192 bytes
Memory usage: 643384 bytes
Memory usage: 643576 bytes

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-11 21:38 UTC] bas at baspeters dot com
-Package: OpenSSL related +Package: Sockets related
 [2011-03-11 21:38 UTC] bas at baspeters dot com
For those who want to test but are unable to supply the required certificate.pem file, here is a link:
http://www.baspeters.com/patches/certificate.pem
password is 'password' as stated in the test script.

I have changed the Package from 'OpenSSL' to 'Sockets related' because I think it is a better match.
 [2011-03-12 00:14 UTC] felipe@php.net
I can't reproduce it. (OpenSSL 0.9.8g)

int(348020)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
 [2011-03-14 19:18 UTC] bas at baspeters dot com
-Operating System: Linux, OSX +Operating System: Linux, FreeBSD, OSX
 [2011-03-14 19:18 UTC] bas at baspeters dot com
I have managed to reproduce this behavior on the following systems:
FreeBSD 6.2                - PHP 5.4.2 - OpenSSL 0.9.7e-p1
FreeBSD 6.1                - PHP 5.2.0 - OpenSSL 0.9.7e-p1
Centos 2.6.18-194.32.1.el5 - PHP 5.3.5 - OpenSSL 0.9.8e-fips-rhel5
OSX 10.6.6                 - PHP 5.3.5 - OpenSSL 1.0.0d

Memory leak may be accelerated by pressing and holding F5 / CTRL-R / CMD-R in the browser window causing it to refresh at a rapid pace.
 [2011-05-09 16:23 UTC] cataphract@php.net
I can reproduce, but it's time sensitive.
 [2011-12-12 01:05 UTC] cataphract@php.net
-Package: Sockets related +Package: Streams related
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC