From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 1 Dec 2006 00:27:33 +0000 (+0000)
Subject: MFB: Disallow \0 chars inside session.save_path
X-Git-Tag: RELEASE_1_0_0RC1~867
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fcaf113b33f74667adf8a998086ae273b3364e0e;p=php

MFB: Disallow \0 chars inside session.save_path
---

diff --git a/ext/session/session.c b/ext/session/session.c
index 41f321c5f6..fb8c7a60d0 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -150,6 +150,10 @@ static PHP_INI_MH(OnUpdateSaveDir)
 	if (stage == PHP_INI_STAGE_RUNTIME) {
  		char *p;
 
+		if (memchr(new_value, '\0', new_value_length) != NULL) {
+			return FAILURE;
+		}
+
 		if ((p = zend_memrchr(new_value, ';', new_value_length))) {
 			p++;
 		} else {