Skip to content

Memory leak in php_openssl_enable_crypto() / php_openssl_init_server_reneg_limit() #22081

Open
Open
Memory leak in php_openssl_enable_crypto() / php_openssl_init_server_reneg_limit()#22081
Assignees
bukka
Labels
BugExtension: opensslStatus: Verified
@arnaud-lb

Description

@arnaud-lb
arnaud-lb
opened on May 18, 2026

Description

php_openssl_enable_crypto() may call php_openssl_init_server_reneg_limit(), which allocates sslsock->reneg. If SSL_accept() results in EAGAIN, sslsock->reneg leaks.

https://github.com/php/php-src/actions/runs/25240631798/job/74015814015#step:11:2925:

Direct leak of 16896 byte(s) in 528 object(s) allocated from:
      #0 0x7f2e35afd9c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
      #1 0x5617fef331f0 in tracked_malloc /home/runner/work/php-src/php-src/Zend/zend_alloc.c:3016
      #2 0x5617fef30871 in _emalloc /home/runner/work/php-src/php-src/Zend/zend_alloc.c:2778
      #3 0x5617fc01a0b1 in php_openssl_init_server_reneg_limit /home/runner/work/php-src/php-src/ext/openssl/xp_ssl.c:1172
      #4 0x5617fc029a38 in php_openssl_enable_crypto /home/runner/work/php-src/php-src/ext/openssl/xp_ssl.c:2274
      #5 0x5617fc033b6e in php_openssl_sockop_set_option /home/runner/work/php-src/php-src/ext/openssl/xp_ssl.c:2987
      #6 0x5617fec5bc4b in _php_stream_set_option /home/runner/work/php-src/php-src/main/streams/streams.c:1518
      #7 0x5617fec6b97b in php_stream_xport_crypto_enable /home/runner/work/php-src/php-src/main/streams/transports.c:385
      #8 0x5617fe4aa0c6 in zif_stream_socket_enable_crypto /home/runner/work/php-src/php-src/ext/standard/streamsfuncs.c:1524
      #9 0x5617ff1b0ba5 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/runner/work/php-src/php-src/Zend/zend_vm_execute.h:1387
      #10 0x5617ff494066 in execute_ex /home/runner/work/php-src/php-src/Zend/zend_vm_execute.h:110392
      #11 0x5617ff1380c9 in zend_call_function /home/runner/work/php-src/php-src/Zend/zend_execute_API.c:1004
      #12 0x5617ff4c5660 in zend_fiber_execute /home/runner/work/php-src/php-src/Zend/zend_fibers.c:608
      #13 0x5617ff4c1efd in zend_fiber_trampoline /home/runner/work/php-src/php-src/Zend/zend_fibers.c:391

  Direct leak of 32 byte(s) in 1 object(s) allocated from:
      #0 0x7f2e35afd9c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
      #1 0x5617fef331f0 in tracked_malloc /home/runner/work/php-src/php-src/Zend/zend_alloc.c:3016
      #2 0x5617fef30871 in _emalloc /home/runner/work/php-src/php-src/Zend/zend_alloc.c:2778
      #3 0x5617fc01a0b1 in php_openssl_init_server_reneg_limit /home/runner/work/php-src/php-src/ext/openssl/xp_ssl.c:1172
      #4 0x5617fc029a38 in php_openssl_enable_crypto /home/runner/work/php-src/php-src/ext/openssl/xp_ssl.c:2274
      #5 0x5617fc033b6e in php_openssl_sockop_set_option /home/runner/work/php-src/php-src/ext/openssl/xp_ssl.c:2987
      #6 0x5617fec5bc4b in _php_stream_set_option /home/runner/work/php-src/php-src/main/streams/streams.c:1518
      #7 0x5617fec6b97b in php_stream_xport_crypto_enable /home/runner/work/php-src/php-src/main/streams/transports.c:385
      #8 0x5617fe4aa0c6 in zif_stream_socket_enable_crypto /home/runner/work/php-src/php-src/ext/standard/streamsfuncs.c:1524
      #9 0x5617ff1b0ba5 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/runner/work/php-src/php-src/Zend/zend_vm_execute.h:1387
      #10 0x5617fd6a2ff1 in zend_jit_trace_execute /home/runner/work/php-src/php-src/ext/opcache/jit/zend_jit_vm_helpers.c:1069
      #11 0x5617fd974270 in zend_jit_trace_hot_root ext/opcache/jit/zend_jit_trace.c:8185
      #12 0x7f2deb888485  (<unknown module>)
      #13 0x5617ff1380c9 in zend_call_function /home/runner/work/php-src/php-src/Zend/zend_execute_API.c:1004
      #14 0x5617ff4c5660 in zend_fiber_execute /home/runner/work/php-src/php-src/Zend/zend_fibers.c:608
      #15 0x5617ff4c1efd in zend_fiber_trampoline /home/runner/work/php-src/php-src/Zend/zend_fibers.c:391

PHP Version

master (b1242c32bcaff0b4766eaca7e1846c80687f7006)

Operating System

No response

Metadata

Metadata

Assignees

Labels

BugExtension: opensslStatus: Verified

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions