Protect class based session save handler

diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c
index b132552fafab6d9a25b07e5b353380acfb7419de..595338d299f07d02843994248d52c2c55ed85748 100644 (file)
--- a/ext/session/mod_user_class.c
+++ b/ext/session/mod_user_class.c
@@ -53,6 +53,7 @@ PHP_METHOD(SessionHandler, open)
        }
 
        PS(mod_user_is_open) = 1;
+       PS(in_save_handler) = 1;
 
        zend_try {
                ret = PS(default_mod)->s_open(&PS(mod_data), save_path, session_name);
@@ -61,6 +62,7 @@ PHP_METHOD(SessionHandler, open)
                zend_bailout();
        } zend_end_try();
 
+       PS(in_save_handler) = 0;
        RETVAL_BOOL(SUCCESS == ret);
 }
 /* }}} */
@@ -78,6 +80,7 @@ PHP_METHOD(SessionHandler, close)
        zend_parse_parameters_none();
 
        PS(mod_user_is_open) = 0;
+       PS(in_save_handler) = 1;
 
        zend_try {
                ret = PS(default_mod)->s_close(&PS(mod_data));
@@ -86,6 +89,7 @@ PHP_METHOD(SessionHandler, close)
                zend_bailout();
        } zend_end_try();
 
+       PS(in_save_handler) = 0;
        RETVAL_BOOL(SUCCESS == ret);
 }
 /* }}} */
@@ -116,6 +120,7 @@ PHP_METHOD(SessionHandler, read)
 PHP_METHOD(SessionHandler, write)
 {
        zend_string *key, *val;
+       zend_bool ret;
 
        PS_SANITY_CHECK_IS_OPEN;
 
@@ -123,7 +128,11 @@ PHP_METHOD(SessionHandler, write)
                return;
        }
 
-       RETURN_BOOL(SUCCESS == PS(default_mod)->s_write(&PS(mod_data), key, val, PS(gc_maxlifetime)));
+       PS(in_save_handler) = 1;
+       ret = PS(default_mod)->s_write(&PS(mod_data), key, val, PS(gc_maxlifetime));
+       PS(in_save_handler) = 0;
+
+       RETURN_BOOL(SUCCESS == ret);
 }
 /* }}} */
 
@@ -132,6 +141,7 @@ PHP_METHOD(SessionHandler, write)
 PHP_METHOD(SessionHandler, destroy)
 {
        zend_string *key;
+       zend_bool ret;
 
        PS_SANITY_CHECK_IS_OPEN;
 
@@ -139,7 +149,11 @@ PHP_METHOD(SessionHandler, destroy)
                return;
        }
 
-       RETURN_BOOL(SUCCESS == PS(default_mod)->s_destroy(&PS(mod_data), key));
+       PS(in_save_handler) = 1;
+       ret = PS(default_mod)->s_destroy(&PS(mod_data), key);
+       PS(in_save_handler) = 0;
+
+       RETURN_BOOL(SUCCESS == ret);
 }
 /* }}} */
 
@@ -156,9 +170,12 @@ PHP_METHOD(SessionHandler, gc)
                return;
        }
 
+       PS(in_save_handler) = 1;
        if (PS(default_mod)->s_gc(&PS(mod_data), maxlifetime, &nrdels) == FAILURE) {
+               PS(in_save_handler) = 0;
                RETURN_FALSE;
        }
+       PS(in_save_handler) = 0;
        RETURN_LONG(nrdels);
 }
 /* }}} */
@@ -175,7 +192,9 @@ PHP_METHOD(SessionHandler, create_sid)
            return;
        }
 
+       PS(in_save_handler) = 1;
        id = PS(default_mod)->s_create_sid(&PS(mod_data));
+       PS(in_save_handler) = 0;
 
        RETURN_STR(id);
 }
@@ -203,6 +222,7 @@ PHP_METHOD(SessionHandler, validateId)
 PHP_METHOD(SessionHandler, updateTimestamp)
 {
        zend_string *key, *val;
+       zend_bool ret;
 
        PS_SANITY_CHECK_IS_OPEN;
 
@@ -210,7 +230,11 @@ PHP_METHOD(SessionHandler, updateTimestamp)
                return;
        }
 
+       PS(in_save_handler) = 1;
+       ret = PS(default_mod)->s_write(&PS(mod_data), key, val, PS(gc_maxlifetime));
+       PS(in_save_handler) = 0;
+
        /* Legacy save handler may not support update_timestamp API. Just write. */
-       RETVAL_BOOL(SUCCESS == PS(default_mod)->s_write(&PS(mod_data), key, val, PS(gc_maxlifetime)));
+       RETVAL_BOOL(SUCCESS == ret);
 }
 /* }}} */