From bfb9307b2d679a91e138fd876880470ece60942b Mon Sep 17 00:00:00 2001
From: Yasuo Ohgaki <yohgaki@php.net>
Date: Fri, 15 Jan 2016 13:47:45 +0900
Subject: Fixed bug #69111 (Crash in SessionHandler::read()). Made session save
 handler abuse much harder than before.

---
 ext/session/mod_user.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'ext/session/mod_user.c')

diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c
index 0b6fb626fd..de2df9d6a7 100644
--- a/ext/session/mod_user.c
+++ b/ext/session/mod_user.c
@@ -91,7 +91,16 @@ PS_OPEN_FUNC(user)
 	SESS_ZVAL_STRING((char*)save_path, args[0]);
 	SESS_ZVAL_STRING((char*)session_name, args[1]);
 
-	retval = ps_call_handler(PSF(open), 2, args TSRMLS_CC);
+	zend_try {
+		retval = ps_call_handler(PSF(open), 2, args TSRMLS_CC);
+	} zend_catch {
+		PS(session_status) = php_session_none;
+		if (retval) {
+			zval_ptr_dtor(&retval);
+		}
+		zend_bailout();
+	} zend_end_try();
+
 	PS(mod_user_implemented) = 1;
 
 	FINISH;
-- 
cgit v1.2.1