summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ext/session/session.c1
-rw-r--r--ext/session/tests/bug71603.phpt16
2 files changed, 17 insertions, 0 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index 994d76217a..238ae877f8 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1611,6 +1611,7 @@ PHPAPI void php_session_start(void) /* {{{ */
* '<session-name>=<session-id>' to allow URLs of the form
* http://yoursite/<session-name>=<session-id>/script.php */
if (PS(define_sid) && !PS(id) &&
+ zend_is_auto_global_str("_SERVER", sizeof("_SERVER") - 1) == SUCCESS &&
(data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "REQUEST_URI", sizeof("REQUEST_URI") - 1)) &&
Z_TYPE_P(data) == IS_STRING &&
(p = strstr(Z_STRVAL_P(data), PS(session_name))) &&
diff --git a/ext/session/tests/bug71603.phpt b/ext/session/tests/bug71603.phpt
new file mode 100644
index 0000000000..588b1fecfb
--- /dev/null
+++ b/ext/session/tests/bug71603.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.save_handler=files
+session.auto_start=1
+session.use_only_cookies=0
+--FILE--
+<?php
+ob_start();
+echo "ok\n";
+?>
+--EXPECTF--
+ok
+
View Lorry Controller Status