Bug #65228 FTPs memory leak
Submitted: 2013-07-09 20:49 UTC Modified: 2013-07-13 20:56 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: marco dot beierer at mbsecurity dot ch Assigned: felipe
Status: Closed Package: FTP related
PHP Version: 5.5.0 OS: Gentoo Linux
Private report: No CVE-ID:
 [2013-07-09 20:49 UTC] marco dot beierer at mbsecurity dot ch
Description:
------------
There is a memory leak in the functions ftp_login, ftp_get and ftp_fget, if FTP is used over SSL.

The leak is caused in the file ext/ftp/ftp.c, because just SSL_shutdown(), but not SSL_free(), is called when the connection gets closed.

I have tested the PHP versions 5.3.23, 5.4.13 and 5.5.0 and all are affected by this issue.

The memory leak could be reproduced by connecting to an FTP server via FTPs (see test script).

Please find attached a patch for this issue, but I am not a C expert and thus the patch may not be perfect. Especially the part for freeing SSL_CTX. However, the patch works fine and fixes the problem.

Test script:
---------------
<?php
$hostname = '';
$port = '21';
$username = '';
$password = '';

$file = 'index.php';

$connection = ftp_ssl_connect($hostname, $port);

ftp_login($connection, $username, $password);
ftp_pasv($connection, true);
ftp_get($connection, $file, $file, FTP_ASCII);
?>

Expected result:
----------------
No memory leak.

Actual result:
--------------
==16800== 59,938 (808 direct, 59,130 indirect) bytes in 1 blocks are definitely lost in loss record 211 of 227
==16800==    at 0x4C2B4CB: malloc (vg_replace_malloc.c:270)
==16800==    by 0x701E0AD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0)
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x5069B4: data_accept (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x508A25: ftp_get (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x5054A5: zif_ftp_get (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF64DC4: ???
==16800==    by 0x7D99D1: zend_do_fcall_common_helper_SPEC (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x78D903: execute (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF66501: ???
==16800==    by 0x72696A: zend_execute_scripts (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x6B9E77: php_execute_script (in /usr/lib64/php5.4/bin/php)


==16800== 616,834 (808 direct, 616,026 indirect) bytes in 1 blocks are definitely lost in loss record 227 of 227
==16800==    at 0x4C2B4CB: malloc (vg_replace_malloc.c:270)
==16800==    by 0x701E0AD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0)
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x50766C: ftp_login (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x506479: zif_ftp_login (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF64DC4: ???
==16800==    by 0x7D99D1: zend_do_fcall_common_helper_SPEC (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x78D903: execute (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF66501: ???
==16800==    by 0x72696A: zend_execute_scripts (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x6B9E77: php_execute_script (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x7DC7CD: do_cli (in /usr/lib64/php5.4/bin/php)


==16800== LEAK SUMMARY:
==16800==    definitely lost: 1,622 bytes in 3 blocks
==16800==    indirectly lost: 675,156 bytes in 1,054 blocks
==16800==      possibly lost: 687,752 bytes in 15 blocks
==16800==    still reachable: 3,636 bytes in 8 blocks
==16800==         suppressed: 0 bytes in 0 blocks


==16800== ERROR SUMMARY: 1227 errors from 1017 contexts (suppressed: 2 from 2)
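
Both "definitely lost" records above allocate through SSL_new. The following Python script is an added example, not part of the original report or of PHP's code: it groups Valgrind loss records by the library API that allocated and the first caller outside the libraries, which is how the leak maps back to ftp_login and data_accept. The function names and the LIBRARY_OBJECTS list are assumptions made for this illustration.

```python
import re
from collections import defaultdict
# Constructed sample: the report's two "definitely lost" records, trimmed to their top frames.
SAMPLE = """\
==16800== 59,938 (808 direct, 59,130 indirect) bytes in 1 blocks are definitely lost in loss record 211 of 227
==16800==    at 0x4C2B4CB: malloc (vg_replace_malloc.c:270)
==16800==    by 0x701E0AD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0)
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x5069B4: data_accept (in /usr/lib64/php5.4/bin/php)
==16800== 616,834 (808 direct, 616,026 indirect) bytes in 1 blocks are definitely lost in loss record 227 of 227
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x50766C: ftp_login (in /usr/lib64/php5.4/bin/php)
"""
HEADER = re.compile(r"^==\d+== ([\d,]+) (?:\([\d,]+ direct, [\d,]+ indirect\) )?bytes in [\d,]+ blocks are (definitely|possibly) lost")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)(?: \((?:in )?([^)]+)\))?")
LIBRARY_OBJECTS = ("vg_replace_malloc", "libcrypto", "libssl")  # assumption: allocator/TLS objects, not the caller

def parse_records(text):
    """Split Valgrind output into loss records with their (function, object) frames."""
    records, cur = [], None
    for line in text.splitlines():
        head, frame = HEADER.match(line), FRAME.match(line)
        if head:
            cur = {"bytes": int(head.group(1).replace(",", "")), "kind": head.group(2), "frames": []}
            records.append(cur)
        elif frame and cur is not None:
            cur["frames"].append(frame.groups())
        else:
            cur = None  # blank or unrelated line ends the current record
    return records

def attribute(record):
    """Return (library API that allocated, first caller outside the libraries)."""
    api = None
    for func, obj in record["frames"]:
        if obj and not any(lib in obj for lib in LIBRARY_OBJECTS):
            return api, func
        if obj:  # unresolved "???" frames have no object and are skipped
            api = func  # frames run inner to outer, so the last library frame is the API invoked
    return api, None

def summarize(text, kind="definitely"):
    """Total lost bytes per (allocating API, responsible caller) pair."""
    totals = defaultdict(int)
    for rec in parse_records(text):
        if rec["kind"] == kind:
            totals[attribute(rec)] += rec["bytes"]
    return dict(totals)
```

Calling summarize() on a full Valgrind log gives one total per (API, caller) pair, so an SSL_new allocation with no matching SSL_free shows up under each function that created the SSL object.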


Patches

ftp.c.patch (last revision 2013-07-09 20:49 UTC by marco dot beierer at mbsecurity dot ch)

History

 [2013-07-09 20:56 UTC] marco dot beierer at mbsecurity dot ch
I forgot to close the FTPs connection in the test script, but that does not affect the result...
 [2013-07-13 20:55 UTC] felipe@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: felipe
 [2013-07-13 20:55 UTC] felipe@php.net
The patch has been applied to 5.4+ branches.

http://git.php.net/?p=php-src.git;a=commitdiff;h=0863a0d6a0f740874b4ef8dc732a4ec94949470c

Thanks for the patch.
 [2013-07-13 20:56 UTC] felipe@php.net
-Package: Streams related
+Package: FTP related
 
Last updated: Fri Apr 18 08:02:55 2014 UTC