Memory leaks when openssl

Memory leaks when openssl_encrypt called

Bug #54060

Memory leaks when openssl_encrypt called

Submitted:

2011-02-21 09:16 UTC

Modified:

2011-02-21 13:01 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

dovbysh at gmail dot com

Assigned:

pajoye (profile)

Status:

Closed

Package:

OpenSSL related

PHP Version:

5.3SVN-2011-02-21 (snap)

OS:

Any

Private report:

CVE-ID:

None

[2011-02-21 09:16 UTC] dovbysh at gmail dot com

Description:
------------
Memory leaks when I call openssl_encrypt. Test script shows that. I've watch at ext/openssl/openssl.c and according to http://www.openssl.org/docs/crypto/EVP_EncryptInit.html (see example at the bottom) you should free cipher_ctx. So I've put 			

EVP_CIPHER_CTX_cleanup(&cipher_ctx);

at line 4722 before 

RETVAL_STRINGL(base64_str, base64_str_len, 0);


Recompile php (make && make install) and after start test (mem_non_leaks.log) I have decreaced memory leakes. It's seems, it's not compleate patch


With memory leakes:
valgrind --log-file=mem_eak.log --leak-check=full  ~/php5.3/bin/php -d extension=openssl.so crypt_test_openssl.php

Report:
==31035== 76,713,600 bytes in 199,775 blocks are definitely lost in loss record 128 of 128
==31035==    at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==31035==    by 0x35670DAD91: CRYPTO_malloc (in /lib64/libcrypto.so.0.9.8e)
==31035==    by 0x35670D9450: EVP_CipherInit_ex (in /lib64/libcrypto.so.0.9.8e)
==31035==    by 0x861079C: ???
==31035==    by 0x76BED1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:316)
==31035==    by 0x771E17: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1606)
==31035==    by 0x76AEED: execute (zend_vm_execute.h:107)
==31035==    by 0x737E93: zend_execute_scripts (zend.c:1194)
==31035==    by 0x6B72E5: php_execute_script (main.c:2268)
==31035==    by 0x82AFA7: main (php_cli.c:1193)
==31035== 
==31035== LEAK SUMMARY:
==31035==    definitely lost: 76,713,984 bytes in 199,776 blocks
==31035==    indirectly lost: 0 bytes in 0 blocks
==31035==      possibly lost: 74,880 bytes in 195 blocks
==31035==    still reachable: 100,809 bytes in 1,688 blocks
==31035==         suppressed: 0 bytes in 0 blocks


Almost without memory leaks:
 valgrind --log-file=mem_non_leaks.log --leak-check=full  /home/dovbyshko/php5.3/bin/php -d extension=openssl.so crypt_test_openssl.php

==19014== LEAK SUMMARY:
==19014==    definitely lost: 384 bytes in 1 blocks
==19014==    indirectly lost: 0 bytes in 0 blocks
==19014==      possibly lost: 0 bytes in 0 blocks
==19014==    still reachable: 88,905 bytes in 1,657 blocks
==19014==         suppressed: 0 bytes in 0 blocks



Test script:
---------------
<?php

$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";

$maxi = 200000;
$t = microtime(1);
for ($i=0;$i<$maxi; $i++){
	openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');
}
$t = microtime(1)-$t;
print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n";

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-02-21 11:07 UTC] pajoye@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: pajoye

[2011-02-21 11:07 UTC] pajoye@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2011-02-21 11:07 UTC] pajoye@php.net

-Operating System: Linux, Any +Operating System:

[2011-02-21 12:45 UTC] dovbysh at gmail dot com

-Status: Closed +Status: Assigned -Operating System: +Operating System: Any

[2011-02-21 12:45 UTC] dovbysh at gmail dot com

openssl_decrypt appears this bug too...
test script:

<?php

$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";

$maxi = 200000;
$t = microtime(1);
for ($i=0;$i<$maxi; $i++){
	$cr = openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');
	$dcr = openssl_decrypt($cr, 'des3', $pass, false, '1qazxsw2');
	if ($dcr != $data.$i){
		print "at step $i decryption failed\n";
	}
}
$t = microtime(1)-$t;
print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n";
?>

fixes by add this code at line 4818 at the end of openssl_decrypt:
	EVP_CIPHER_CTX_cleanup(&cipher_ctx);

[2011-02-21 12:51 UTC] pajoye@php.net

-Status: Assigned +Status: Closed

[2011-02-21 12:51 UTC] pajoye@php.net

Please open a new bug for decrypt.

Also you don't need a loop to reproduce the leak, one run is enough :)

[2011-02-21 13:01 UTC] dovbysh at gmail dot com

I've open Bug #54061.