Bug #54060 [Csd]: Memory leaks when openssl_encrypt called

dovbysh at gmail dot com Mon, 21 Feb 2011 04:01:20 -0800

Edit report at http://bugs.php.net/bug.php?id=54060&edit=1


 ID:                 54060
 User updated by:    dovbysh at gmail dot com
 Reported by:        dovbysh at gmail dot com
 Summary:            Memory leaks when openssl_encrypt called
 Status:             Closed
 Type:               Bug
 Package:            OpenSSL related
 Operating System:   Any
 PHP Version:        5.3SVN-2011-02-21 (snap)
 Assigned To:        pajoye
 Block user comment: N
 Private report:     N

 New Comment:

I've open Bug #54061.


Previous Comments:
------------------------------------------------------------------------
[2011-02-21 12:51:41] paj...@php.net

Please open a new bug for decrypt.



Also you don't need a loop to reproduce the leak, one run is enough :)

------------------------------------------------------------------------
[2011-02-21 12:45:59] dovbysh at gmail dot com

openssl_decrypt appears this bug too...

test script:



<?php



$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy
ruy 972439 8478942 yrhfjkdhls";

$pass = "r23498rui324hjbnkj";



$maxi = 200000;

$t = microtime(1);

for ($i=0;$i<$maxi; $i++){

        $cr = openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');

        $dcr = openssl_decrypt($cr, 'des3', $pass, false, '1qazxsw2');

        if ($dcr != $data.$i){

                print "at step $i decryption failed\n";

        }

}

$t = microtime(1)-$t;

print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs
".($maxi/$t)."#/sec \n";

?>



fixes by add this code at line 4818 at the end of openssl_decrypt:

        EVP_CIPHER_CTX_cleanup(&cipher_ctx);

------------------------------------------------------------------------
[2011-02-21 11:07:49] paj...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.



------------------------------------------------------------------------
[2011-02-21 11:07:33] paj...@php.net

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=308531
Log: - fix bug #54060, memory leak in openssl_encrypt

------------------------------------------------------------------------
[2011-02-21 10:48:43] paj...@php.net

verified, patch on its way.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=54060


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54060&edit=1

Bug #54060 [Csd]: Memory leaks when openssl_encrypt called

Reply via email to