Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability

# Discovered by Stefan Esser
author: Ilia Alshanetsky <iliaa@php.net> 2007-03-14 19:37:07 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2007-03-14 19:37:07 +0000
commit: 7aab16c333c25efccafd953e89e767e009e527e4 (patch)
tree: 2d93a45c59b640e83902ff41044fbcddfe68412c
parent: f9d54cbb75d40e3fd4c04426d14bb9c284674c76 (diff)
download: php-git-7aab16c333c25efccafd953e89e767e009e527e4.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index 2b20dde0aa..72606a22d9 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -846,6 +846,7 @@ new_session:
 	} else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
 		PS(invalid_session_id) = 0;
 		efree(PS(id));
+		PS(id) = NULL;
 		goto new_session;
 	}
 }
@@ -1575,6 +1576,7 @@ PHP_FUNCTION(session_regenerate_id)
 				RETURN_FALSE;
 			}
 			efree(PS(id));
+			PS(id) = NULL;
 		}
 	
 		PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
author	Ilia Alshanetsky <iliaa@php.net>	2007-03-14 19:37:07 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2007-03-14 19:37:07 +0000
commit	7aab16c333c25efccafd953e89e767e009e527e4 (patch)
tree	2d93a45c59b640e83902ff41044fbcddfe68412c
parent	f9d54cbb75d40e3fd4c04426d14bb9c284674c76 (diff)
download	php-git-7aab16c333c25efccafd953e89e767e009e527e4.tar.gz