From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 1 Dec 2006 00:28:43 +0000 (+0000)
Subject: MFH: Disallow \0 chars inside session.save_path
X-Git-Tag: php-4.4.5RC1~39
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fb1dff44d9d6852300da2719266b0f28d640dd27;p=php

MFH: Disallow \0 chars inside session.save_path
---

diff --git a/ext/session/session.c b/ext/session/session.c
index 3fb3a08b59..f433caf52b 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -120,6 +120,10 @@ static PHP_INI_MH(OnUpdateSerializer)
 static PHP_INI_MH(OnUpdateSaveDir) {
 	/* Only do the safemode/open_basedir check at runtime */
 	if(stage == PHP_INI_STAGE_RUNTIME) {
+		if (memchr(new_value, '\0', new_value_length) != NULL) {
+			return FAILURE;
+		}
+
 		if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
 			return FAILURE;
    		}