archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

PS(mod_user_class_name) must not leak into next request

Browse source 
Fixes GH-9584
This commit is contained in:
Ilija Tovilo 2022-09-20 22:07:38 +02:00
parent bda449afe8
commit 3071d85a6b
No known key found for this signature in database
GPG key ID: A4F5D403F118200A
3 changed files with 64 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -15,6 +15,10 @@ PHP NEWS
- Sockets:
. Fixed socket constants regression as of PHP 8.2.0beta3. (Bruce Dou)
- Session:
. Fixed GH-9584 (Avoid memory corruption when not unregistering custom session
handler). (ilutov)
15 Sep 2022, PHP 8.2.0RC2
- Core:

5
ext/session/session.c
View file

@ -142,6 +142,11 @@ static inline void php_rshutdown_session_globals(void) /* {{{ */
PS(session_vars) = NULL;
}
if (PS(mod_user_class_name)) {
zend_string_release(PS(mod_user_class_name));
PS(mod_user_class_name) = NULL;
}
/* User save handlers may end up directly here by misuse, bugs in user script, etc. */
/* Set session status to prevent error while restoring save handler INI value. */
PS(session_status) = php_session_none;

55
ext/session/tests/gh9584.phpt Normal file
View file

@ -0,0 +1,55 @@
--TEST--
GH-9584: PS(mod_user_class_name) must not leak into next request
--EXTENSIONS--
session
--SKIPIF--
<?php include('skipif.inc'); ?>
--FILE--
<?php
class MySessionHandler extends SessionHandler implements SessionUpdateTimestampHandlerInterface
{
public function open($path, $sessname): bool {
return true;
}
public function close(): bool {
return true;
}
public function read($sessid): string|false {
return 'foo|s:3:"foo";';
}
public function write($sessid, $sessdata): bool {
return false;
}
public function destroy($sessid): bool {
return true;
}
public function gc($maxlifetime): int|false {
return true;
}
public function create_sid(): string {
return sha1(random_bytes(32));
}
public function validateId($sid): bool {
return true;
}
public function updateTimestamp($sessid, $sessdata): bool {
return false;
}
}
$handler = new MySessionHandler();
session_set_save_handler($handler);
?>
===DONE===
--EXPECT--
===DONE===