Merge branch 'PHP-5.6'

* PHP-5.6:
  Bug #66481 Segfaults on session_name()

2 files changed, 23 insertions, 0 deletions

diff --git a/ext/session/session.c b/ext/session/session.c
index cffdabb7b7..8619c3fe62 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -689,6 +689,13 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
 
 static PHP_INI_MH(OnUpdateName) /* {{{ */
 {
+	/* Don't accept a blank session name from php.ini or -d session.name= */
+	if (!PG(modules_activated) && !new_value_length) {
+		/* Force the default value. */
+		new_value = "PHPSESSID";
+		new_value_length = 9;
+	}
+
 	/* Numeric session.name won't work at all */
 	if (PG(modules_activated) &&
 		(!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) {
diff --git a/ext/session/tests/bug66481.phpt b/ext/session/tests/bug66481.phpt
new file mode 100644
index 0000000000..0479b5ff4d
--- /dev/null
+++ b/ext/session/tests/bug66481.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #66481: Calls to session_name() segfault when session.name is null.
+--INI--
+session.name=
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+var_dump(session_name("foo"));
+var_dump(session_name("bar"));
+
+--EXPECTF--
+string(9) "PHPSESSID"
+string(3) "foo"
+