- Fixed bug #60860 (session.save_handler=user without defined function core dumps)

diff --git a/NEWS b/NEWS
index 73a3e2a912eed6c73b28bea58ca3ae68f079b99b..13f83a0cf9d5cec0b6b88c6e3a89e1f6c1facc1a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,10 @@ PHP                                                                        NEWS
 - OpenSSL:
   . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
     CVE-2011-3389. (Scott)
+    
+- Session:
+  . Fixed bug #60860 (session.save_handler=user without defined function core
+    dumps). (Felipe)
 
 19 Jan 2012, PHP 5.4.0 RC6
 

diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c
index cf13e4b46efccab93090d0f35422d5b955266dbd..2ff5302f7820490602d1476d87a94fd405551552 100644 (file)
--- a/ext/session/mod_user.c
+++ b/ext/session/mod_user.c
@@ -80,6 +80,13 @@ PS_OPEN_FUNC(user)
 {
        zval *args[2];
        STDVARS;
+       
+       if (PSF(open) == NULL) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING,
+                       "user session functions not defined");
+                       
+               return FAILURE;
+       }
 
        SESS_ZVAL_STRING((char*)save_path, args[0]);
        SESS_ZVAL_STRING((char*)session_name, args[1]);

diff --git a/ext/session/tests/bug60860.phpt b/ext/session/tests/bug60860.phpt
new file mode 100644 (file)
index 0000000..1231020
--- /dev/null
+++ b/ext/session/tests/bug60860.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #60860 (session.save_handler=user without defined function core dumps)
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.save_handler=user
+--FILE--
+<?php
+
+session_start();
+echo "ok\n";
+
+?>
+--EXPECTF--
+Warning: session_start(): user session functions not defined in %s on line 3
+
+Fatal error: session_start(): Failed to initialize storage module: user (path: ) in %s on line 3