php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66952 memory leak in openssl_open()
Submitted: 2014-03-25 04:30 UTC Modified: 2014-04-14 20:48 UTC
From: chuanm at gmail dot com Assigned: stas
Status: Closed Package: OpenSSL related
PHP Version: 5.4.26 OS: centos 6.4
Private report: No CVE-ID:
 [2014-03-25 04:30 UTC] chuanm at gmail dot com
Description:
------------
This bug is related to https://bugs.php.net/bug.php?id=66942, where openssl_seal() has memory leak. I've got a pull request for the other bug and will provide one for this bug.

### Compiled with:

./configure --with-openssl --with-openssl-dir=/usr/lib64/openssl

### create keys
openssl genrsa -out privkey.pem 2048
openssl rsa -pubout -in privkey.pem -out pubkey.pem

Test script:
---------------
<?php
$data = 'this is test data!??!';
$cert = <<<ABC
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnic0B5wZsfox3L1sGPGOGkeqR
3zHpIC3q7DUHGJ5XJf9rD6EeLro2QFqo/nd2UVCrJw99163UpIXt0a2H0XfKvyqu
bMkpkZ6/z74NEzVLzKV9KOokFhXsVzzifOQwgnKTUsq8w4iRUbtaUEHKwBMsP5W7
MkCbiKUk5vWF2nTntwIDAQAB
-----END PUBLIC KEY-----
ABC;
$pk1 = openssl_get_publickey($cert);
$privkey_cert = <<<ABC
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDnic0B5wZsfox3L1sGPGOGkeqR3zHpIC3q7DUHGJ5XJf9rD6Ee
Lro2QFqo/nd2UVCrJw99163UpIXt0a2H0XfKvyqubMkpkZ6/z74NEzVLzKV9KOok
FhXsVzzifOQwgnKTUsq8w4iRUbtaUEHKwBMsP5W7MkCbiKUk5vWF2nTntwIDAQAB
AoGAZ8T+uGeOHXnqAlCa/wR5poonExFxEQZ3Dd6nNXL3JB/HhXgPwbM3ibD18N97
Mu/ms45iBwhuw+qoi5l5qHFcugr6SBVjG4n3IKQUj7lEpeQKW23hkNc0b2RIbno+
GnD30OLU4k57TpK+HmCCsqKs5hBwXjUnivdKlNoI5zb0EMECQQD6aSurVqLEJtPk
bBY6HXr1YsRh5vgBRsuxK9dQTTelRUD+H36C0FChMyqzOCTWMbb1YIg1jIUzD6Kl
Cedt9YWPAkEA7LTLPS8GAkNKVeLkWsfY2ndD4RTS9uKpwleVI5/1+notvHnVCpkc
WCXcuIkLoduGZWE+PBHDcJ/Tui7S9rx3WQJAQEKQ9E0tQ8z6/1lFcvBxx1rrLnyJ
FDrIttSbUn4eU4ksHoqSeptetZ9dy9QSj+z+GIYHLka7P9k5UcTy4OLqvQJAT247
5UQqWAgModWJm40EkAsFlDpQsNhO7xBE07eR64OkZWLcwrmucUYDU0lpxd7Msqh3
IeE0HE8F1axwzqtfwQJAXJ9CCgQLyFPaUcTqml9otU+xObr7PEzKK9G2+ouJHxg1
3D/5j1+qGjSV3pixovKhljG9g/EGE1eF91D/Qo8a1g==
-----END RSA PRIVATE KEY-----
ABC;
$privkey = openssl_pkey_get_private($privkey_cert);
openssl_seal($data, $sealed, $ekeys, array($pk1));
openssl_open($sealed, $plainText, $ekeys[0], $privkey);
var_dump($plainText === $data);


Expected result:
----------------
valgrind run should not complain about memory leak.


Actual result:
--------------
bash-4.1# valgrind --leak-check=full php openssl.php
==23477== Memcheck, a memory error detector
==23477== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==23477== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==23477== Command: php openssl.php
==23477==
bool(true)
==23477==
==23477== HEAP SUMMARY:
==23477==     in use at exit: 85,681 bytes in 2,705 blocks
==23477==   total heap usage: 15,591 allocs, 12,886 frees, 3,247,930 bytes allocated
==23477==
==23477== 1,032 bytes in 1 blocks are definitely lost in loss record 64 of 88
==23477==    at 0x4C279EE: malloc (vg_replace_malloc.c:270)
==23477==    by 0x614AB2D: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.1e)
==23477==    by 0x61CA808: EVP_CipherInit_ex (in /usr/lib64/libcrypto.so.1.0.1e)
==23477==    by 0x45E50B: zif_openssl_seal (openssl.c:4318)
==23477==    by 0x6FD499: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:643)
==23477==    by 0x6F189F: execute (zend_vm_execute.h:410)
==23477==    by 0x68BA3D: zend_execute_scripts (zend.c:1315)
==23477==    by 0x6318DD: php_execute_script (main.c:2502)
==23477==    by 0x731DC2: do_cli (php_cli.c:989)
==23477==    by 0x7324B3: main (php_cli.c:1365)
==23477==
==23477== 1,032 bytes in 1 blocks are definitely lost in loss record 65 of 88
==23477==    at 0x4C279EE: malloc (vg_replace_malloc.c:270)
==23477==    by 0x614AB2D: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.1e)
==23477==    by 0x61CA808: EVP_CipherInit_ex (in /usr/lib64/libcrypto.so.1.0.1e)
==23477==    by 0x61D0B7C: EVP_SealInit (in /usr/lib64/libcrypto.so.1.0.1e)
==23477==    by 0x45E62D: zif_openssl_seal (openssl.c:4331)
==23477==    by 0x6FD499: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:643)
==23477==    by 0x6F189F: execute (zend_vm_execute.h:410)
==23477==    by 0x68BA3D: zend_execute_scripts (zend.c:1315)
==23477==    by 0x6318DD: php_execute_script (main.c:2502)
==23477==    by 0x731DC2: do_cli (php_cli.c:989)
==23477==    by 0x7324B3: main (php_cli.c:1365)
==23477==
==23477== 1,032 bytes in 1 blocks are definitely lost in loss record 66 of 88
==23477==    at 0x4C279EE: malloc (vg_replace_malloc.c:270)
==23477==    by 0x614AB2D: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.1e)
==23477==    by 0x61CA808: EVP_CipherInit_ex (in /usr/lib64/libcrypto.so.1.0.1e)
==23477==    by 0x61D09AF: EVP_OpenInit (in /usr/lib64/libcrypto.so.1.0.1e)
==23477==    by 0x45E148: zif_openssl_open (openssl.c:4421)
==23477==    by 0x6FD499: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:643)
==23477==    by 0x6F189F: execute (zend_vm_execute.h:410)
==23477==    by 0x68BA3D: zend_execute_scripts (zend.c:1315)
==23477==    by 0x6318DD: php_execute_script (main.c:2502)
==23477==    by 0x731DC2: do_cli (php_cli.c:989)
==23477==    by 0x7324B3: main (php_cli.c:1365)
==23477==
==23477== LEAK SUMMARY:
==23477==    definitely lost: 3,096 bytes in 3 blocks
==23477==    indirectly lost: 0 bytes in 0 blocks
==23477==      possibly lost: 0 bytes in 0 blocks
==23477==    still reachable: 82,585 bytes in 2,702 blocks
==23477==         suppressed: 0 bytes in 0 blocks
==23477== Reachable blocks (those to which a pointer was found) are not shown.
==23477== To see them, rerun with: --leak-check=full --show-reachable=yes
==23477==
==23477== For counts of detected and suppressed errors, rerun with: -v
==23477== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 6 from 6)

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-04-14 20:48 UTC] stas@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: stas
 [2014-04-14 20:48 UTC] stas@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

fixed together with bug #66952
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Wed Feb 22 22:01:36 2017 UTC