From: Anatol Belski <ab@php.net>
Date: Fri, 29 Jan 2016 13:37:46 +0000 (+0100)
Subject: fix leak in 7.0
X-Git-Tag: php-7.2.0alpha1~620^2~51^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ee49df011ce55f088908c54ef24ce4db45574414;p=php

fix leak in 7.0
---

diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index b380cfe86b..8f2edca386 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -115,7 +115,7 @@ static char *ps_files_path_create(char *buf, size_t buflen, ps_files *data, cons
 
 	key_len = strlen(key);
 	if (key_len <= data->dirdepth ||
-		buflen < (strlen(data->basedir) + 2 * data->dirdepth + key_len + 5 + sizeof(FILE_PREFIX))) {
+		buflen < (data->basedir_len + 2 * data->dirdepth + key_len + 5 + sizeof(FILE_PREFIX))) {
 		return NULL;
 	}
 
@@ -170,6 +170,11 @@ static void ps_files_open(ps_files *data, const char *key)
 		ps_files_close(data);
 
 		if (php_session_valid_key(key) == FAILURE) {
+			if (data->basedir) {
+				efree(data->basedir);
+				data->basedir = NULL;
+				data->basedir_len = 0;
+			}
 			php_error_docref(NULL, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
 			return;
 		}