php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54230 stream_socket_accept leaks memory on SSL protocol using peer parameter
Submitted: 2011-03-11 20:40 UTC Modified: 2021-08-08 04:22 UTC
Votes:3
Avg. Score:4.3 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: bas at baspeters dot com Assigned: cmb (profile)
Status: No Feedback Package: Streams related
PHP Version: 5.3.5 OS: Linux, FreeBSD, OSX
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: bas at baspeters dot com
New email:
PHP Version: OS:

 

 [2011-03-11 20:40 UTC] bas at baspeters dot com
Description:
------------
I encountered a memory leak issue when creating an SSL enabled socket server in a long lived process. When an incoming listening socket is accepted on either the SSL or TLS protocol, the &$peer passthrough variable in the stream_socket_accept function causes a memory leak.

NOTE: The test script below needs a valid certificate.pem file to work!!
NOTE: The test script spawns a webserver to be reached on 127.0.0.1:8888
NOTE: Testing can be done in a browser by choosing appropriate protocol (http/https) and perform regular page refreshes

Test matrix:
SSL=true, PEER=true   -> memory leak!
SSL=false, PEER=true  -> no memory leak
SSL=true, PEER=false  -> no memory leak
SSL=false, PEER=false -> no memory leak

Test script:
---------------
define('SSL', true);
define('PEER', true);

$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', 'certificate.pem');
stream_context_set_option($context, 'ssl', 'passphrase', 'password');
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);

if(SSL) {
   $server = stream_socket_server("ssl://0.0.0.0:8888", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
} else {
   $server = stream_socket_server("tcp://0.0.0.0:8888", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN);
}

while(true) {
   if(PEER) { $client = @stream_socket_accept($server, 2, $peer); } else { $client = @stream_socket_accept($server, 2); }
   if($client === false) continue;
   @fwrite($client, "HTTP/1.1 200 OK\r\n\r\nMemory usage: ".memory_get_usage().' bytes');
   @fclose($client);
}

Expected result:
----------------
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes
Memory usage: 641032 bytes

Actual result:
--------------
Memory usage: 641368 bytes
Memory usage: 641560 bytes
Memory usage: 641752 bytes
Memory usage: 641944 bytes
Memory usage: 642232 bytes
Memory usage: 642424 bytes
Memory usage: 642616 bytes
Memory usage: 642808 bytes
Memory usage: 643000 bytes
Memory usage: 643192 bytes
Memory usage: 643384 bytes
Memory usage: 643576 bytes

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-11 21:38 UTC] bas at baspeters dot com
-Package: OpenSSL related +Package: Sockets related
 [2011-03-11 21:38 UTC] bas at baspeters dot com
For those who want to test but are unable to supply the required certificate.pem file, here is a link:
http://www.baspeters.com/patches/certificate.pem
password is 'password' as stated in the test script.

I have changed the Package from 'OpenSSL' to 'Sockets related' because I think it is a better match.
 [2011-03-12 00:14 UTC] felipe@php.net
I can't reproduce it. (OpenSSL 0.9.8g)

int(348020)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
int(348236)
 [2011-03-14 19:18 UTC] bas at baspeters dot com
-Operating System: Linux, OSX +Operating System: Linux, FreeBSD, OSX
 [2011-03-14 19:18 UTC] bas at baspeters dot com
I have managed to reproduce this behavior on the following systems:
FreeBSD 6.2                - PHP 5.4.2 - OpenSSL 0.9.7e-p1
FreeBSD 6.1                - PHP 5.2.0 - OpenSSL 0.9.7e-p1
Centos 2.6.18-194.32.1.el5 - PHP 5.3.5 - OpenSSL 0.9.8e-fips-rhel5
OSX 10.6.6                 - PHP 5.3.5 - OpenSSL 1.0.0d

Memory leak may be accelerated by pressing and holding F5 / CTRL-R / CMD-R in the browser window causing it to refresh at a rapid pace.
 [2011-05-09 16:23 UTC] cataphract@php.net
I can reproduce, but it's time sensitive.
 [2011-12-12 01:05 UTC] cataphract@php.net
-Package: Sockets related +Package: Streams related
 [2021-07-27 13:31 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-07-27 13:31 UTC] cmb@php.net
Does this still happen to you with any of the actively supported
PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2021-08-08 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon May 20 07:01:34 2024 UTC