php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77124 FTP with SSL memory leak
Submitted: 2018-11-08 14:20 UTC Modified: 2018-11-08 16:34 UTC
Votes:4
Avg. Score:3.0 ± 0.7
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: antoine dot guenard+php at gmail dot com Assigned:
Status: Closed Package: FTP related
PHP Version: 7.2.12 OS: Debian GNU/Linux 9 (stretch)
Private report: No CVE-ID: None
 [2018-11-08 14:20 UTC] antoine dot guenard+php at gmail dot com
Description:
------------
Tested on PHP 7.2.10, there might be memory leak while using ftp_login function and maybe other functions with FTPS (FTP over SSL).

To reproduce the memory leak, you should open a connection to a FTP server with SSL and then try to login with ftp_login. The test script uses a public FTP that supports SSL for testing but I could reproduce with other FTP servers with valid or invalid credentials.

I also provided another test script (for Unix/Linux) that uses an infinite loop to have a better view of the memory increasing at every turn just after ftp_login is called, see:

https://gist.githubusercontent.com/guenard/6fca07e5c99f959de42dbed67628acf9/raw/b1c97d732a3e8acf249cf415e067b7f0e94075ae/lopp-ftp-with-ssl-login-memory-leak.php

The closest issue I found was https://bugs.php.net/bug.php?id=65228 but it looks like the patch has made it from PHP 5.5.x to PHP 7.2.x.

Test script:
---------------
<?php
$conn = @ftp_ssl_connect('test.rebex.net', 21);
@ftp_login($conn, '', '');
@ftp_close($conn);

Expected result:
----------------
No memory leak.

Actual result:
--------------
==9752== LEAK SUMMARY:
==9752==    definitely lost: 947 bytes in 6 blocks
==9752==    indirectly lost: 15,057 bytes in 219 blocks
==9752==      possibly lost: 0 bytes in 0 blocks
==9752==    still reachable: 4,267 bytes in 26 blocks
==9752==         suppressed: 0 bytes in 0 blocks

Patches

always-free-context (last revision 2018-11-08 16:33 UTC by cmb@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-11-08 16:33 UTC] cmb@php.net
The following patch has been added/updated:

Patch Name: always-free-context
Revision:   1541694836
URL:        https://bugs.php.net/patch-display.php?bug=77124&patch=always-free-context&revision=1541694836
 [2018-11-08 16:34 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2018-11-08 16:34 UTC] cmb@php.net
It seems that we're leaking the SSL_CTX object[1] which is used to
initialize an SSL structure[2], but will only be freed[3] if the
latter fails.  Moving the SSL_free() out of the if statement
(always-free-context.path) should solve the memory leak, and
doesn't appear to introduce any regression.  Since I don't have
any experience with libopenssl, I'm not sure whether freeing the
context unconditionally here is okay, though.

[1] <https://github.com/php/php-src/blob/php-7.3.0RC5/ext/ftp/ftp.c#L275>
[2] <https://github.com/php/php-src/blob/php-7.3.0RC5/ext/ftp/ftp.c#L289>
[3] <https://github.com/php/php-src/blob/php-7.3.0RC5/ext/ftp/ftp.c#L292>
 [2019-07-15 13:21 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88ffe0579726f7ba1985c9223e6005c581032757
Log: Fix bug #77124
 [2019-07-15 13:21 UTC] nikic@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Oct 14 05:01:28 2024 UTC