From: Stanislav Malyshev <stas@php.net>
Date: Fri, 4 Dec 2009 01:21:32 +0000 (+0000)
Subject: protect http_session_vars from interrupt corruption
X-Git-Tag: php-5.3.2RC1~114
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3e6ac4fb6bdb23746e6492055828fcd4819b1495;p=php

protect http_session_vars from interrupt corruption
improve save_path check
---

diff --git a/ext/session/session.c b/ext/session/session.c
index 3a5d153cba..87fec64d69 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -693,11 +693,11 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
 			p = new_value;
 		}
 
-		if (PG(safe_mode) && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+		if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 			return FAILURE;
 		}
 
-		if (PG(open_basedir) && php_check_open_basedir(p TSRMLS_CC)) {
+		if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) {
 			return FAILURE;
 		}
 	}
@@ -1882,7 +1882,10 @@ static PHP_FUNCTION(session_unset)
 	}
 
 	IF_SESSION_VARS() {
-		HashTable *ht = Z_ARRVAL_P(PS(http_session_vars));
+		HashTable *ht;
+
+		SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
+		ht = Z_ARRVAL_P(PS(http_session_vars));
 
 		if (PG(register_globals)) {
 			uint str_len;
@@ -1960,7 +1963,10 @@ static PHP_FUNCTION(session_unregister)
 		return;
 	}
 
-	PS_DEL_VARL(p_name, p_name_len);
+	IF_SESSION_VARS() {
+		SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
+		PS_DEL_VARL(Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name));
+	}
 
 	RETURN_TRUE;
 }