fix leak in 7.0
authorAnatol Belski <ab@php.net>
Fri, 29 Jan 2016 13:37:46 +0000 (14:37 +0100)
committerAnatol Belski <ab@php.net>
Fri, 29 Jan 2016 13:48:05 +0000 (14:48 +0100)
ext/session/mod_files.c

index b380cfe86b2887dee11a4ee454221039fd472b3c..8f2edca386c79778545bb338f812666ec4a6bcac 100644 (file)
@@ -115,7 +115,7 @@ static char *ps_files_path_create(char *buf, size_t buflen, ps_files *data, cons
 
        key_len = strlen(key);
        if (key_len <= data->dirdepth ||
-               buflen < (strlen(data->basedir) + 2 * data->dirdepth + key_len + 5 + sizeof(FILE_PREFIX))) {
+               buflen < (data->basedir_len + 2 * data->dirdepth + key_len + 5 + sizeof(FILE_PREFIX))) {
                return NULL;
        }
 
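Review bot: The length check now reads `data->basedir_len` without looking at `data->basedir`, and the second hunk of this commit adds a return path in `ps_files_open` that sets `basedir = NULL` and `basedir_len = 0` while, as far as the hunk shows, `data` itself stays allocated. With the old `strlen(data->basedir)` a NULL base directory would have faulted at this line. With the new expression the check simply passes, and the rest of `ps_files_path_create` (outside this hunk) presumably goes on to build a session file path with no save directory in front of it. I would reject that state up front by starting the condition with `if (!data->basedir || key_len <= data->dirdepth ||`.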
@@ -170,6 +170,11 @@ static void ps_files_open(ps_files *data, const char *key)
                ps_files_close(data);
 
                if (php_session_valid_key(key) == FAILURE) {
+                       if (data->basedir) {
+                               efree(data->basedir);
+                               data->basedir = NULL;
+                               data->basedir_len = 0;
+                       }
                        php_error_docref(NULL, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
                        return;
                }
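Review bot: The added cleanup carries no comment saying why the save path is released on the invalid-key return, and it mutates module state on a path reached by a rejected session id. Nothing visible here says whether `data` is used again afterwards, so a reader cannot tell if `basedir == NULL` is an expected state for the other handlers. I would put a comment above `if (data->basedir)` along the lines of `/* invalid id: no session file will be opened, so release the save path here to avoid leaking it; data->basedir is NULL from this point on */` and confirm that later users of `data` check for it. `ps_files_open` starts and ends outside the hunk.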