go to bug id or search bugs for
Tested on PHP 7.2.10, there might be memory leak while using ftp_login function and maybe other functions with FTPS (FTP over SSL).
To reproduce the memory leak, you should open a connection to a FTP server with SSL and then try to login with ftp_login. The test script uses a public FTP that supports SSL for testing but I could reproduce with other FTP servers with valid or invalid credentials.
I also provided another test script (for Unix/Linux) that uses an infinite loop to have a better view of the memory increasing at every turn just after ftp_login is called, see:
The closest issue I found was https://bugs.php.net/bug.php?id=65228 but it looks like the patch has made it from PHP 5.5.x to PHP 7.2.x.
$conn = @ftp_ssl_connect('test.rebex.net', 21);
@ftp_login($conn, '', '');
No memory leak.
==9752== LEAK SUMMARY:
==9752== definitely lost: 947 bytes in 6 blocks
==9752== indirectly lost: 15,057 bytes in 219 blocks
==9752== possibly lost: 0 bytes in 0 blocks
==9752== still reachable: 4,267 bytes in 26 blocks
==9752== suppressed: 0 bytes in 0 blocks
Add a Patch
Add a Pull Request
The following patch has been added/updated:
Patch Name: always-free-context
It seems that we're leaking the SSL_CTX object which is used to
initialize an SSL structure, but will only be freed if the
latter fails. Moving the SSL_free() out of the if statement
(always-free-context.path) should solve the memory leak, and
doesn't appear to introduce any regression. Since I don't have
any experience with libopenssl, I'm not sure whether freeing the
context unconditionally here is okay, though.