php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77207 openssl_pkey_get_private didn't free memory
Submitted: 2018-11-27 09:53 UTC Modified: 2021-06-13 04:22 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: sagaxu at qq dot com Assigned: cmb (profile)
Status: No Feedback Package: OpenSSL related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2018-11-27 09:53 UTC] sagaxu at qq dot com
Description:
------------
$ php -v
PHP 7.2.11-3build2 (cli) (built: Nov 26 2018 13:08:29) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.11-3build2, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.6.1, Copyright (c) 2002-2018, by Derick Rethans


PHP 7.1.X and 7.2.X both affected.

Test script:
---------------
<?php

error_reporting(E_ALL);
ini_set('display_errors', 'stderr');


$pk = '-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAokB9srofHWSRuv0x679iYftvS0WBrTS0FvK/yzpdAodcNm5S
SQ8YJqRv5o/YE/i+d49zMM92/Q7hTVnuaEpmYzsX34PvOKYW7LEuTYpa/QRQvcUJ
p/vZ9sR3s7c/FoWrdzIl7kx/WYF53gEvQuHM/qbmRczZ6mdtGN01cYYPVm+oQaPQ
E6r3aQzf+R4XkMFTfbT9iz8NWnPuo+GmGsVqGV1e8tALzybeWqQAwzf5g5sLIGb8
MXPx0dipM98hkw3XKO+sVwxYY5vVnskq05Jw74zZkr9k9vWZC7S80YJkrIzzZaJ4
yPtAdKCS1Nk+nnqVKA4POIZN2cEmO7lrUfb3TwIDAQABAoIBAH1krABpuUxFAh9q
OJ+CfG1PHXcl049h0OB/YNyWUXV32TszzaIq6TZMFTMx7gOZVNIf6h1J6SKv0k2u
eALfpPuBmvSiCUpVihgI4skIaUNrh17yHYFWsd/1fLFGqJomWhq3hfsB4dXxq5Z4
gecFjSEtKX++TpfKsNTreLcwrT/Vte1XLV3U10fLBZfTU26BQYQsgIBgCm96UsIu
izJSv1fplenHRJM08WpLlx07g6Kk17b0qpD+VGFbCCRaO3YtLlHBB60kRQloqSDH
sdycQAI6CZjtYL7x/6LwjH7n4U1haMMcCqDZdsemyz2Lnum4zkMgb4lxWHGu9kbE
MtVJO1kCgYEA1ZKygrVHIi7PmLusxZEobqPNa7lBUaM5CORbSspjeC3AwPKDuhGK
QU4DUFsrFWxxDcI5W3YBduWaYFAQlhaSeKDeJePCgkteXkFHAMd2Li8ogBse+MIF
YynSXzxzmSRLeP4fUCZb03aNENSCnArh7G0vOLFfRkn3x+z0wxY5dDsCgYEAwnvY
4YC6fWymfl/Fw0SsE0TBHg9joXxiCuPsz/miYpmEyBPAZtsD/3o2REnu36ROOQ0a
lIw8EAtQzS/K7UbPpMsAhSFaFyBLFIEP3GZxJB/iaXmIQ6s+JXNqGqoyy+PJiWII
zFj9aLX47WPruOKJip8MLCzdzVMloF63q11Yu/0CgYEAy0nISuwcGmhuR9YT/TZP
Qwj9phT/HKL9zf32+7ird6AtQjtUsU6yx7hnJRyyZMEE13DRQcKQYEjqadSsBQDV
SKbu7SffZEAzQgpmeFJjplBS/6VRFL0xfZM4YFhdPB61DCTvT05Dx4OngKaW78rY
A0BmW1NR+ci8Znug+vTzmTMCgYAaHUciAIcKEGzKy1FixvXUIIdN4gMey/TeQXyq
8Ho9gx+xPfW32fDPfTmMMeFBZm6aeof3Kl1mSh6vbptxAPEgz6FiPvg54rwyJKJc
leTbVOyx/P+vFm9h1/2HVxM7DXsiV2eXCNv+E3E5bxFX4hNV6cVYqS2fRGro/c7r
07z2gQKBgQCtukjBH1l/zHyV3acr5zXhY416wvEMh3zfYWQYYwoUACOaUTlO4Fqz
EsmRtC76Nc3zpLz3/dhMn9ywz7+HJqZs7hNTvU2vxEBAaCFYyzljaJA1EjIKQAdr
jUfQ5aNvrj5lVBJ+iHbV5O/ktFHLcM8eVurZpDirshS2DFMkcrcLHg==
-----END RSA PRIVATE KEY-----';

for ($i=0; $i<10; $i++) {
    for ($j=0; $j<10000; $j++) {
        $key = openssl_pkey_get_private($pk);
        openssl_pkey_free($key);
    }
    echo memory_get_usage() . "\n";
}



Expected result:
----------------
223840
223880
223880
223880
223880
223880
223880
223880
223880
223880


Actual result:
--------------
1167336
1931656
2171656
3460256
3700256
3940256
6277408
6517408
6757408
6997408

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-06-02 11:09 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-06-02 11:09 UTC] cmb@php.net
I cannot reproduce this with current PHP-7.4.  Is this still an
issue for you with any of the actively supported PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2021-06-13 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC