From: Stanislav Malyshev <stas@php.net>
Date: Fri, 4 Dec 2009 01:21:32 +0000 (+0000)
Subject: protect http_session_vars from interrupt corruption
X-Git-Tag: php-5.4.0alpha1~191^2~2303
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7b0d41535e21a93d2a752a2aa43d7c2e7d40312c;p=php

protect http_session_vars from interrupt corruption
improve save_path check
---

diff --git a/ext/session/session.c b/ext/session/session.c
index c0d6691734..9e6bf525c5 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -569,7 +569,7 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
 			p = new_value;
 		}
 
-		if (php_check_open_basedir(p TSRMLS_CC)) {
+		if (*p && php_check_open_basedir(p TSRMLS_CC)) {
 			return FAILURE;
 		}
 	}
@@ -1817,7 +1817,10 @@ static PHP_FUNCTION(session_unset)
 	}
 
 	IF_SESSION_VARS() {
-		HashTable *ht = Z_ARRVAL_P(PS(http_session_vars));
+		HashTable *ht;
+
+		SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
+		ht = Z_ARRVAL_P(PS(http_session_vars));
 
 		/* Clean $_SESSION. */
 		zend_hash_clean(ht);