archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix type confusion with session SID constant

Browse source 
Closes GH-17548.
This commit is contained in:
Niels Dossche 2025-01-22 22:38:02 +01:00
parent 0b3e637aec
commit 2a2cc2ccce
No known key found for this signature in database
GPG key ID: B8A8AD166DF0E2E5
3 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
NEWS
View file

@ -48,6 +48,9 @@ PHP NEWS
- PHPDBG:
. Fix crashes in function registration + test. (nielsdos, Girgias)
- Session:
. Fix type confusion with session SID constant. (nielsdos)
- SimpleXML:
. Fixed bug GH-17409 (Assertion failure Zend/zend_hash.c:1730). (nielsdos)

4
ext/session/session.c
View file

@ -1479,7 +1479,7 @@ PHPAPI zend_result php_session_reset_id(void) /* {{{ */
smart_str_appends(&var, ZSTR_VAL(PS(id)));
smart_str_0(&var);
if (sid) {
zval_ptr_dtor_str(sid);
zval_ptr_dtor(sid);
ZVAL_STR(sid, smart_str_extract(&var));
} else {
REGISTER_STRINGL_CONSTANT("SID", ZSTR_VAL(var.s), ZSTR_LEN(var.s), 0);
@ -1487,7 +1487,7 @@ PHPAPI zend_result php_session_reset_id(void) /* {{{ */
}
} else {
if (sid) {
zval_ptr_dtor_str(sid);
zval_ptr_dtor(sid);
ZVAL_EMPTY_STRING(sid);
} else {
REGISTER_STRINGL_CONSTANT("SID", "", 0, 0);

19
ext/session/tests/SID_type_confusion.phpt Normal file
View file

@ -0,0 +1,19 @@
--TEST--
SID constant type confusion
--EXTENSIONS--
session
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
session.use_only_cookies=1
--FILE--
<?php
define('SID', [0xdeadbeef]);
session_start();
var_dump(SID);
?>
--EXPECT--
string(0) ""