Edit report at https://bugs.php.net/bug.php?id=65228&edit=1
ID: 65228 Updated by: fel...@php.net Reported by: marco dot beierer at mbsecurity dot ch Summary: FTPs memory leak -Status: Open +Status: Closed Type: Bug Package: Streams related Operating System: Gentoo Linux PHP Version: 5.5.0 -Assigned To: +Assigned To: felipe Block user comment: N Private report: N New Comment: The patch has been applied to 5.4+ branches. http://git.php.net/?p=php-src.git;a=commitdiff;h=0863a0d6a0f740874b4ef8dc732a4ec94949470c Thanks for the patch. Previous Comments: ------------------------------------------------------------------------ [2013-07-09 20:56:03] marco dot beierer at mbsecurity dot ch I forgot to close the FTPs connection in the test script, but that does not affect the result... ------------------------------------------------------------------------ [2013-07-09 20:49:00] marco dot beierer at mbsecurity dot ch Description: ------------ There is a memory leak in the functions ftp_login, ftp_get and ftp_fget, if FTP is used over SSL. The leak is caused in the file ext/ftp/ftp.c, because just SSL_shutdown(), but not SSL_free(), is called when the connection gets closed. I have tested the PHP versions 5.3.23, 5.4.13 and 5.5.0 and all are affected by this issue. The memory leak could be reproduced by connecting to a FTP server via FTPs (see test script). Please find attached a patch for this issue, but I am not a C expert and thus the patch maybe not perfect. Especially the part for freeing SSL_CTX. However the patch works fine and fixes the problem. Test script: --------------- <?php $hostname = ''; $port = '21'; $username = ''; $password = ''; $file = 'index.php'; $connection = ftp_ssl_connect($hostname, $port); ftp_login($connection, $username, $password); ftp_pasv($connection, true); ftp_get($connection, $file, $file, FTP_ASCII); ?> Expected result: ---------------- No memory leak. Actual result: -------------- ==16800== 59,938 (808 direct, 59,130 indirect) bytes in 1 blocks are definitely lost in loss record 211 of 227 ==16800== at 0x4C2B4CB: malloc (vg_replace_malloc.c:270) ==16800== by 0x701E0AD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0) ==16800== by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0) ==16800== by 0x5069B4: data_accept (in /usr/lib64/php5.4/bin/php) ==16800== by 0x508A25: ftp_get (in /usr/lib64/php5.4/bin/php) ==16800== by 0x5054A5: zif_ftp_get (in /usr/lib64/php5.4/bin/php) ==16800== by 0xBF64DC4: ??? ==16800== by 0x7D99D1: zend_do_fcall_common_helper_SPEC (in /usr/lib64/php5.4/bin/php) ==16800== by 0x78D903: execute (in /usr/lib64/php5.4/bin/php) ==16800== by 0xBF66501: ??? ==16800== by 0x72696A: zend_execute_scripts (in /usr/lib64/php5.4/bin/php) ==16800== by 0x6B9E77: php_execute_script (in /usr/lib64/php5.4/bin/php) ==16800== 616,834 (808 direct, 616,026 indirect) bytes in 1 blocks are definitely lost in loss record 227 of 227 ==16800== at 0x4C2B4CB: malloc (vg_replace_malloc.c:270) ==16800== by 0x701E0AD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0) ==16800== by 0x72EA56F: SSL_new (in /usr/lib64/libssl.so.1.0.0) ==16800== by 0x50766C: ftp_login (in /usr/lib64/php5.4/bin/php) ==16800== by 0x506479: zif_ftp_login (in /usr/lib64/php5.4/bin/php) ==16800== by 0xBF64DC4: ??? ==16800== by 0x7D99D1: zend_do_fcall_common_helper_SPEC (in /usr/lib64/php5.4/bin/php) ==16800== by 0x78D903: execute (in /usr/lib64/php5.4/bin/php) ==16800== by 0xBF66501: ??? ==16800== by 0x72696A: zend_execute_scripts (in /usr/lib64/php5.4/bin/php) ==16800== by 0x6B9E77: php_execute_script (in /usr/lib64/php5.4/bin/php) ==16800== by 0x7DC7CD: do_cli (in /usr/lib64/php5.4/bin/php) ==16800== LEAK SUMMARY: ==16800== definitely lost: 1,622 bytes in 3 blocks ==16800== indirectly lost: 675,156 bytes in 1,054 blocks ==16800== possibly lost: 687,752 bytes in 15 blocks ==16800== still reachable: 3,636 bytes in 8 blocks ==16800== suppressed: 0 bytes in 0 blocks ==16800== ERROR SUMMARY: 1227 errors from 1017 contexts (suppressed: 2 from 2) ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=65228&edit=1
