diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/session/session.c | 2 |
2 files changed, 3 insertions, 1 deletions
@@ -17,6 +17,8 @@ PHP NEWS - Implemented FR#35638 (Adding udate to imap_fetch_overview results). (Charles_Duffy at dell dot com ) +- Fixed handling of session variable serialization on certain prefix + characters. Reported by Stefan Esser (Ilia) - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) diff --git a/ext/session/session.c b/ext/session/session.c index 6456f68163..0debe75ae3 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -895,7 +895,7 @@ PS_SERIALIZER_ENCODE_FUNC(php) /* {{{ */ PS_ENCODE_LOOP( smart_str_appendl(&buf, key, key_length); - if (memchr(key, PS_DELIMITER, key_length)) { + if (memchr(key, PS_DELIMITER, key_length) || memchr(key, PS_UNDEF_MARKER, key_length)) { PHP_VAR_SERIALIZE_DESTROY(var_hash); smart_str_free(&buf); return FAILURE; |