php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77124 FTP with SSL memory leak
Submitted: 2018-11-08 14:20 UTC Modified: 2018-11-08 16:34 UTC
Votes:4
Avg. Score:3.0 ± 0.7
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: antoine dot guenard+php at gmail dot com Assigned:
Status: Closed Package: FTP related
PHP Version: 7.2.12 OS: Debian GNU/Linux 9 (stretch)
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: antoine dot guenard+php at gmail dot com
New email:
PHP Version: OS:

 

 [2018-11-08 14:20 UTC] antoine dot guenard+php at gmail dot com 
Description:
------------
Tested on PHP 7.2.10, there might be memory leak while using ftp_login function and maybe other functions with FTPS (FTP over SSL).

To reproduce the memory leak, you should open a connection to a FTP server with SSL and then try to login with ftp_login. The test script uses a public FTP that supports SSL for testing but I could reproduce with other FTP servers with valid or invalid credentials.

I also provided another test script (for Unix/Linux) that uses an infinite loop to have a better view of the memory increasing at every turn just after ftp_login is called, see:

https://gist.githubusercontent.com/guenard/6fca07e5c99f959de42dbed67628acf9/raw/b1c97d732a3e8acf249cf415e067b7f0e94075ae/lopp-ftp-with-ssl-login-memory-leak.php

The closest issue I found was https://bugs.php.net/bug.php?id=65228 but it looks like the patch has made it from PHP 5.5.x to PHP 7.2.x.

Test script:
---------------
<?php
$conn = @ftp_ssl_connect('test.rebex.net', 21);
@ftp_login($conn, '', '');
@ftp_close($conn);

Expected result:
----------------
No memory leak.

Actual result:
--------------
==9752== LEAK SUMMARY:
==9752==    definitely lost: 947 bytes in 6 blocks
==9752==    indirectly lost: 15,057 bytes in 219 blocks
==9752==      possibly lost: 0 bytes in 0 blocks
==9752==    still reachable: 4,267 bytes in 26 blocks
==9752==         suppressed: 0 bytes in 0 blocks

Patches

always-free-context (last revision 2018-11-08 16:33 UTC by cmb@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-11-08 16:33 UTC] cmb@php.net 
The following patch has been added/updated:

Patch Name: always-free-context
Revision:   1541694836
URL:        https://bugs.php.net/patch-display.php?bug=77124&patch=always-free-context&revision=1541694836
 [2018-11-08 16:34 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2018-11-08 16:34 UTC] cmb@php.net 
It seems that we're leaking the SSL_CTX object[1] which is used to
initialize an SSL structure[2], but will only be freed[3] if the
latter fails.  Moving the SSL_free() out of the if statement
(always-free-context.path) should solve the memory leak, and
doesn't appear to introduce any regression.  Since I don't have
any experience with libopenssl, I'm not sure whether freeing the
context unconditionally here is okay, though.

[1] <https://github.com/php/php-src/blob/php-7.3.0RC5/ext/ftp/ftp.c#L275>
[2] <https://github.com/php/php-src/blob/php-7.3.0RC5/ext/ftp/ftp.c#L289>
[3] <https://github.com/php/php-src/blob/php-7.3.0RC5/ext/ftp/ftp.c#L292>
 [2019-07-15 13:21 UTC] nikic@php.net 
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88ffe0579726f7ba1985c9223e6005c581032757
Log: Fix bug #77124
 [2019-07-15 13:21 UTC] nikic@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Oct 27 16:01:27 2024 UTC