Bug #54060 [Csd->Asn]: Memory leaks when openssl_encrypt called

dovbysh at gmail dot com Mon, 21 Feb 2011 03:46:16 -0800

Edit report at http://bugs.php.net/bug.php?id=54060&edit=1


 ID:                 54060
 User updated by:    dovbysh at gmail dot com
 Reported by:        dovbysh at gmail dot com
 Summary:            Memory leaks when openssl_encrypt called
-Status:             Closed
+Status:             Assigned
 Type:               Bug
 Package:            OpenSSL related
-Operating System:   
+Operating System:   Any
 PHP Version:        5.3SVN-2011-02-21 (snap)
 Assigned To:        pajoye
 Block user comment: N
 Private report:     N

 New Comment:

openssl_decrypt appears this bug too...

test script:



<?php



$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy
ruy 972439 8478942 yrhfjkdhls";

$pass = "r23498rui324hjbnkj";



$maxi = 200000;

$t = microtime(1);

for ($i=0;$i<$maxi; $i++){

        $cr = openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');

        $dcr = openssl_decrypt($cr, 'des3', $pass, false, '1qazxsw2');

        if ($dcr != $data.$i){

                print "at step $i decryption failed\n";

        }

}

$t = microtime(1)-$t;

print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs
".($maxi/$t)."#/sec \n";

?>



fixes by add this code at line 4818 at the end of openssl_decrypt:

        EVP_CIPHER_CTX_cleanup(&cipher_ctx);


Previous Comments:
------------------------------------------------------------------------
[2011-02-21 11:07:49] [email protected]

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.



------------------------------------------------------------------------
[2011-02-21 11:07:33] [email protected]

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=308531
Log: - fix bug #54060, memory leak in openssl_encrypt

------------------------------------------------------------------------
[2011-02-21 10:48:43] [email protected]

verified, patch on its way.

------------------------------------------------------------------------
[2011-02-21 09:16:10] dovbysh at gmail dot com

Description:
------------
Memory leaks when I call openssl_encrypt. Test script shows that. I've
watch at ext/openssl/openssl.c and according to
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html (see example at
the bottom) you should free cipher_ctx. So I've put                     



EVP_CIPHER_CTX_cleanup(&cipher_ctx);



at line 4722 before 



RETVAL_STRINGL(base64_str, base64_str_len, 0);





Recompile php (make && make install) and after start test
(mem_non_leaks.log) I have decreaced memory leakes. It's seems, it's not
compleate patch





With memory leakes:

valgrind --log-file=mem_eak.log --leak-check=full  ~/php5.3/bin/php -d
extension=openssl.so crypt_test_openssl.php



Report:

==31035== 76,713,600 bytes in 199,775 blocks are definitely lost in loss
record 128 of 128

==31035==    at 0x4A05E1C: malloc (vg_replace_malloc.c:195)

==31035==    by 0x35670DAD91: CRYPTO_malloc (in
/lib64/libcrypto.so.0.9.8e)

==31035==    by 0x35670D9450: EVP_CipherInit_ex (in
/lib64/libcrypto.so.0.9.8e)

==31035==    by 0x861079C: ???

==31035==    by 0x76BED1: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:316)

==31035==    by 0x771E17: ZEND_DO_FCALL_SPEC_CONST_HANDLER
(zend_vm_execute.h:1606)

==31035==    by 0x76AEED: execute (zend_vm_execute.h:107)

==31035==    by 0x737E93: zend_execute_scripts (zend.c:1194)

==31035==    by 0x6B72E5: php_execute_script (main.c:2268)

==31035==    by 0x82AFA7: main (php_cli.c:1193)

==31035== 

==31035== LEAK SUMMARY:

==31035==    definitely lost: 76,713,984 bytes in 199,776 blocks

==31035==    indirectly lost: 0 bytes in 0 blocks

==31035==      possibly lost: 74,880 bytes in 195 blocks

==31035==    still reachable: 100,809 bytes in 1,688 blocks

==31035==         suppressed: 0 bytes in 0 blocks





Almost without memory leaks:

 valgrind --log-file=mem_non_leaks.log --leak-check=full 
/home/dovbyshko/php5.3/bin/php -d extension=openssl.so
crypt_test_openssl.php



==19014== LEAK SUMMARY:

==19014==    definitely lost: 384 bytes in 1 blocks

==19014==    indirectly lost: 0 bytes in 0 blocks

==19014==      possibly lost: 0 bytes in 0 blocks

==19014==    still reachable: 88,905 bytes in 1,657 blocks

==19014==         suppressed: 0 bytes in 0 blocks





Test script:
---------------
<?php



$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy
ruy 972439 8478942 yrhfjkdhls";

$pass = "r23498rui324hjbnkj";



$maxi = 200000;

$t = microtime(1);

for ($i=0;$i<$maxi; $i++){

        openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');

}

$t = microtime(1)-$t;

print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs
".($maxi/$t)."#/sec \n";





------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54060&edit=1

Bug #54060 [Csd->Asn]: Memory leaks when openssl_encrypt called

Reply via email to