php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix type confusion with session SID constant

Browse Source 
Closes GH-17548.
This commit is contained in:
Niels Dossche
2025-01-22 22:38:02 +01:00
parent 0b3e637aec
commit 2a2cc2ccce
3 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@@ -48,6 +48,9 @@ PHP NEWS
- PHPDBG:
. Fix crashes in function registration + test. (nielsdos, Girgias)
- Session:
. Fix type confusion with session SID constant. (nielsdos)
- SimpleXML:
. Fixed bug GH-17409 (Assertion failure Zend/zend_hash.c:1730). (nielsdos)

4
ext/session/session.c
View File

@@ -1479,7 +1479,7 @@ PHPAPI zend_result php_session_reset_id(void) /* {{{ */
smart_str_appends(&var, ZSTR_VAL(PS(id)));
smart_str_0(&var);
if (sid) {
zval_ptr_dtor_str(sid);
zval_ptr_dtor(sid);
ZVAL_STR(sid, smart_str_extract(&var));
} else {
REGISTER_STRINGL_CONSTANT("SID", ZSTR_VAL(var.s), ZSTR_LEN(var.s), 0);
@@ -1487,7 +1487,7 @@ PHPAPI zend_result php_session_reset_id(void) /* {{{ */
}
} else {
if (sid) {
zval_ptr_dtor_str(sid);
zval_ptr_dtor(sid);
ZVAL_EMPTY_STRING(sid);
} else {
REGISTER_STRINGL_CONSTANT("SID", "", 0, 0);

19
ext/session/tests/SID_type_confusion.phpt Normal file
View File

@@ -0,0 +1,19 @@
--TEST--
SID constant type confusion
--EXTENSIONS--
session
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
session.use_only_cookies=1
--FILE--
<?php
define('SID', [0xdeadbeef]);
session_start();
var_dump(SID);
?>
--EXPECT--
string(0) ""