From:             marco dot beierer at mbsecurity dot ch
Operating system: Gentoo Linux
PHP version:      5.5.0
Package:          Streams related
Bug Type:         Bug
Bug description:  FTPs memory leak

Description:
------------
There is a memory leak in the functions ftp_login, ftp_get and ftp_fget, if
FTP is used over SSL.

The leak is caused in the file ext/ftp/ftp.c, because just SSL_shutdown(),
but not SSL_free(), is called when the connection gets closed.

I have tested the PHP versions 5.3.23, 5.4.13 and 5.5.0 and all are
affected by this issue.

The memory leak can be reproduced by connecting to an FTP server via FTPs
(see test script).

Please find attached a patch for this issue, but I am not a C expert and
thus the patch may not be perfect, especially the part for freeing SSL_CTX.
However, the patch works fine and fixes the problem.

Test script:
---------------
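<?php
// Fill in the details of an FTPS-capable server before running.
$hostname = '';
$port = 21;
$username = '';
$password = '';

// Remote file to download; it is saved locally under the same name.
$file = 'index.php';

// Explicit FTP over SSL: the control connection is wrapped in SSL.
$connection = ftp_ssl_connect($hostname, $port);

ftp_login($connection, $username, $password);
ftp_pasv($connection, true);
// The transfer opens a second SSL session for the data connection.
ftp_get($connection, $file, $file, FTP_ASCII);
?>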

Expected result:
----------------
No memory leak.

Actual result:
--------------
==16800== 59,938 (808 direct, 59,130 indirect) bytes in 1 blocks are definitely lost in loss record 211 of 227
==16800==    at 0x4C2B4CB: malloc (vg_replace_malloc.c:270)
==16800==    by 0x701E0AD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0)
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x5069B4: data_accept (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x508A25: ftp_get (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x5054A5: zif_ftp_get (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF64DC4: ???
==16800==    by 0x7D99D1: zend_do_fcall_common_helper_SPEC (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x78D903: execute (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF66501: ???
==16800==    by 0x72696A: zend_execute_scripts (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x6B9E77: php_execute_script (in /usr/lib64/php5.4/bin/php)


==16800== 616,834 (808 direct, 616,026 indirect) bytes in 1 blocks are definitely lost in loss record 227 of 227
==16800==    at 0x4C2B4CB: malloc (vg_replace_malloc.c:270)
==16800==    by 0x701E0AD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0)
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x50766C: ftp_login (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x506479: zif_ftp_login (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF64DC4: ???
==16800==    by 0x7D99D1: zend_do_fcall_common_helper_SPEC (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x78D903: execute (in /usr/lib64/php5.4/bin/php)
==16800==    by 0xBF66501: ???
==16800==    by 0x72696A: zend_execute_scripts (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x6B9E77: php_execute_script (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x7DC7CD: do_cli (in /usr/lib64/php5.4/bin/php)


==16800== LEAK SUMMARY:
==16800==    definitely lost: 1,622 bytes in 3 blocks
==16800==    indirectly lost: 675,156 bytes in 1,054 blocks
==16800==      possibly lost: 687,752 bytes in 15 blocks
==16800==    still reachable: 3,636 bytes in 8 blocks
==16800==         suppressed: 0 bytes in 0 blocks


==16800== ERROR SUMMARY: 1227 errors from 1017 contexts (suppressed: 2 from 2)


-- 
Edit bug report at https://bugs.php.net/bug.php?id=65228&edit=1
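
Added example, not part of the original report: a small memcheck triage script that attributes each "definitely lost" record to the function that called SSL_new(), i.e. the owner that has to pair SSL_shutdown() with SSL_free(). The helper names `unwrap` and `leaks_by_owner` are hypothetical, and the sample is an excerpt constructed from the Valgrind output in this report.

```python
import re
# Constructed sample: memcheck excerpt with frames wrapped the way a mailer wraps long lines.
SAMPLE = """\
==16800== 59,938 (808 direct, 59,130 indirect) bytes in 1 blocks are
definitely lost in loss record 211 of 227
==16800==    at 0x4C2B4CB: malloc (vg_replace_malloc.c:270)
==16800==    by 0x701E0AD: CRYPTO_malloc (in
/usr/lib64/libcrypto.so.1.0.0)
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x5069B4: data_accept (in /usr/lib64/php5.4/bin/php)
==16800==    by 0x508A25: ftp_get (in /usr/lib64/php5.4/bin/php)

==16800== 616,834 (808 direct, 616,026 indirect) bytes in 1 blocks are
definitely lost in loss record 227 of 227
==16800==    at 0x4C2B4CB: malloc (vg_replace_malloc.c:270)
==16800==    by 0x701E0AD: CRYPTO_malloc (in
/usr/lib64/libcrypto.so.1.0.0)
==16800==    by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0)
==16800==    by 0x50766C: ftp_login (in /usr/lib64/php5.4/bin/php)
"""

HEADER = re.compile(r"==\d+== ([\d,]+) \([\d,]+ direct, [\d,]+ indirect\) bytes in \d+ blocks are definitely lost")
FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")

def unwrap(text):
    """Re-join wrapped lines: a continuation line lacks the ==PID== prefix."""
    out = []
    for line in text.splitlines():
        if out and line and not line.startswith("=="):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def leaks_by_owner(text, allocator="SSL_new"):
    """Sum definitely-lost bytes per direct caller of `allocator`."""
    totals, current, prev = {}, None, None
    for line in unwrap(text):
        h = HEADER.match(line)
        if h:  # start of a new loss record: remember its total size
            current, prev = int(h.group(1).replace(",", "")), None
            continue
        f = FRAME.match(line)
        if f and current is not None:
            if prev == allocator:  # this frame called the allocator, so it owns the object
                totals[f.group(1)] = totals.get(f.group(1), 0) + current
                current = None
            prev = f.group(1)
    return totals
```

On the sample this attributes one lost SSL object to data_accept (the data connection) and one to ftp_login (the control connection), the two places where a fix has to release the object created by SSL_new().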