author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-03-26 19:01:33 +0100 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-03-31 08:38:23 +0200 |
commit | b510250b8ebe9d90b1db150d7a1edc75893f2e48 (patch) | |
tree | 3adfd3eab317f4490d455d786a31dbfb855b5bfd | |
parent | a681b12820ee1556668087bc7866006ca5329635 (diff) | |
download | php-git-b510250b8ebe9d90b1db150d7a1edc75893f2e48.tar.gz |
Fix #79413: session_create_id() fails for active sessions
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session already exists.
So to detect a collision, we have to check for `SUCCESS`, not
`FAILURE`.
We also fix the wrong condition in session_regenerate_id().
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/session/session.c | 4 | ||||
-rw-r--r-- | ext/session/tests/bug79091.phpt | 2 | ||||
-rw-r--r-- | ext/session/tests/bug79413.phpt | 15 |
4 files changed, 21 insertions, 3 deletions
@@ -20,6 +20,9 @@ PHP NEWS
 . Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script). (Dmitry)
+- Session:
+ . Fixed bug #79413 (session_create_id() fails for active sessions). (cmb)
+
 - Shmop:
 . Fixed bug #79427 (Integer Overflow in shmop_open()). (cmb)
diff --git a/ext/session/session.c b/ext/session/session.c
index 078b3f0b3c..52b9da3180 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -2223,7 +2223,7 @@ static PHP_FUNCTION(session_regenerate_id)
 RETURN_FALSE;
 }
 if (PS(use_strict_mode) && PS(mod)->s_validate_sid &&
- PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == FAILURE) {
+ PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == SUCCESS) {
 zend_string_release_ex(PS(id), 0);
 PS(id) = PS(mod)->s_create_sid(&PS(mod_data));
 if (!PS(id)) {
@@ -2285,7 +2285,7 @@ static PHP_FUNCTION(session_create_id)
 break;
 } else {
 /* Detect collision and retry */
- if (PS(mod)->s_validate_sid(&PS(mod_data), new_id) == FAILURE) {
+ if (PS(mod)->s_validate_sid(&PS(mod_data), new_id) == SUCCESS) {
 zend_string_release_ex(new_id, 0);
 new_id = NULL;
 continue;
diff --git a/ext/session/tests/bug79091.phpt b/ext/session/tests/bug79091.phpt
index 1d14427159..4d60e69872 100644
--- a/ext/session/tests/bug79091.phpt
+++ b/ext/session/tests/bug79091.phpt
@@ -50,7 +50,7 @@ class MySessionHandler implements SessionHandlerInterface, SessionIdInterface, S
 public function validateId($key) {
- return false;
+ return true;
 }
 }
diff --git a/ext/session/tests/bug79413.phpt b/ext/session/tests/bug79413.phpt
new file mode 100644
index 0000000000..756b29f6ea
--- /dev/null
+++ b/ext/session/tests/bug79413.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #79413 (session_create_id() fails for active sessions)
+--SKIPIF--
+<?php
+if (!extension_loaded('session')) die('skip session extension not available');
+?>
+--FILE--
+<?php
+session_start();
+$old = session_id();
+$new = session_create_id();
+var_dump($new !== $old);
+?>
+--EXPECT--
+bool(true) |
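Review bot: The replacement ID created in session_regenerate_id() is not passed through s_validate_sid() again within this hunk: on a collision the code releases PS(id), calls s_create_sid() once, and then only checks the result for NULL. The function continues outside the hunk, so a later re-check cannot be ruled out; if there is none, a bounded retry like the "Detect collision and retry" loop in session_create_id() would keep strict mode from adopting an ID that already exists. Because the meaning of the return value is what this bug turned on, a comment above the condition such as `/* s_validate_sid() returns SUCCESS if the session ID already exists, i.e. on a collision */` would help, both here and at the corrected check in session_create_id().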
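Review bot: The new test bug79413.phpt covers only session_create_id(); the condition this commit also changes in session_regenerate_id() sits behind PS(use_strict_mode) and is not reached by anything added here. A companion case that sets `session.use_strict_mode=1` in an `--INI--` section, calls `session_regenerate_id()` on an active session and checks that `session_id()` differs from the old value would pin that path against a regression. Without it, only the session_create_id() half of the fix is protected by the test suite.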