|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77124 FTP with SSL memory leak
Submitted: 2018-11-08 14:20 UTC Modified: 2018-11-08 16:34 UTC
Avg. Score:3.0 ± 0.7
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: antoine dot guenard+php at gmail dot com Assigned:
Status: Closed Package: FTP related
PHP Version: 7.2.12 OS: Debian GNU/Linux 9 (stretch)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
44 + 15 = ?
Subscribe to this entry?

 [2018-11-08 14:20 UTC] antoine dot guenard+php at gmail dot com
Tested on PHP 7.2.10, there might be memory leak while using ftp_login function and maybe other functions with FTPS (FTP over SSL).

To reproduce the memory leak, you should open a connection to a FTP server with SSL and then try to login with ftp_login. The test script uses a public FTP that supports SSL for testing but I could reproduce with other FTP servers with valid or invalid credentials.

I also provided another test script (for Unix/Linux) that uses an infinite loop to have a better view of the memory increasing at every turn just after ftp_login is called, see:

The closest issue I found was but it looks like the patch has made it from PHP 5.5.x to PHP 7.2.x.

Test script:
$conn = @ftp_ssl_connect('', 21);
@ftp_login($conn, '', '');

Expected result:
No memory leak.

Actual result:
==9752== LEAK SUMMARY:
==9752==    definitely lost: 947 bytes in 6 blocks
==9752==    indirectly lost: 15,057 bytes in 219 blocks
==9752==      possibly lost: 0 bytes in 0 blocks
==9752==    still reachable: 4,267 bytes in 26 blocks
==9752==         suppressed: 0 bytes in 0 blocks


always-free-context (last revision 2018-11-08 16:33 UTC by

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-11-08 16:33 UTC]
The following patch has been added/updated:

Patch Name: always-free-context
Revision:   1541694836
 [2018-11-08 16:34 UTC]
-Status: Open +Status: Verified
 [2018-11-08 16:34 UTC]
It seems that we're leaking the SSL_CTX object[1] which is used to
initialize an SSL structure[2], but will only be freed[3] if the
latter fails.  Moving the SSL_free() out of the if statement
(always-free-context.path) should solve the memory leak, and
doesn't appear to introduce any regression.  Since I don't have
any experience with libopenssl, I'm not sure whether freeing the
context unconditionally here is okay, though.

[1] <>
[2] <>
[3] <>
 [2019-07-15 13:21 UTC]
Automatic comment on behalf of
Log: Fix bug #77124
 [2019-07-15 13:21 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jul 22 20:01:29 2024 UTC