Fixed a bug in session.c. If the user calls session_module_name with a

parameter, then the mod_data pointer is initialized to NULL and then
php_session_save_current_state did not check this value before referencing
the pointer. Added a check in php_session_save_current_state.

diff --git a/NEWS b/NEWS
index a6351fec5e00ce27fa4fd295af4b4087bc5b2604..c16667bdc5252fd7d265e6561c3b5387942b9001 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,9 @@ PHP 4.0                                                                    NEWS
 
 
 ?? ??? 2000, Version 4.0.4
+- Fixed a bug in session.c. The php_session_save_current_state did not check
+  if mod_data is NULL and such situation is possible if the user calls 
+  session_module_name with a parameter. (alex@zend.com)
 - IIS Admin mudule added
 - OCIBindByName() now does better parameter-checking. (Thies)
 - Attempted to make compile fixes for Solaris in ext/sockets/sockets.c (Chris Vandomelen)

diff --git a/ext/session/session.c b/ext/session/session.c
index 4ab1377dbbe593b81c02bbc06ba55a91ec377afb..78cbd794cdff321caf9c5521ac67f98e091ecac5 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -579,12 +579,15 @@ static void php_session_save_current_state(PSLS_D)
          }
        }
 
-       val = php_session_encode(&vallen PSLS_CC);
-       if (val) {
-               ret = PS(mod)->write(&PS(mod_data), PS(id), val, vallen);
-               efree(val);
-       } else
-               ret = PS(mod)->write(&PS(mod_data), PS(id), "", 0);
+       if (PS(mod_data)) {
+               val = php_session_encode(&vallen PSLS_CC);
+               if (val) {
+                       ret = PS(mod)->write(&PS(mod_data), PS(id), val, vallen);
+                       efree(val);
+               } else {
+                       ret = PS(mod)->write(&PS(mod_data), PS(id), "", 0);
+               }
+       }
        
        if (ret == FAILURE)
                php_error(E_WARNING, "Failed to write session data (%s). Please "
@@ -594,7 +597,8 @@ static void php_session_save_current_state(PSLS_D)
                                PS(save_path));
        
        
-       PS(mod)->close(&PS(mod_data));
+       if (PS(mod_data))
+               PS(mod)->close(&PS(mod_data));
 }
 
 static char *month_names[] = {