From 2cb820275d83bc9730dd253c968ae8fd117f4beb Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Sat, 28 Jan 2012 21:02:09 +0000 Subject: [PATCH] - Fixed bug #60860 (session.save_handler=user without defined function core dumps) --- NEWS | 4 ++++ ext/session/mod_user.c | 7 +++++++ ext/session/tests/bug60860.phpt | 17 +++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 ext/session/tests/bug60860.phpt diff --git a/NEWS b/NEWS index 73a3e2a912..13f83a0cf9 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,10 @@ PHP NEWS - OpenSSL: . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0. CVE-2011-3389. (Scott) + +- Session: + . Fixed bug #60860 (session.save_handler=user without defined function core + dumps). (Felipe) 19 Jan 2012, PHP 5.4.0 RC6 diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c index cf13e4b46e..2ff5302f78 100644 --- a/ext/session/mod_user.c +++ b/ext/session/mod_user.c @@ -80,6 +80,13 @@ PS_OPEN_FUNC(user) { zval *args[2]; STDVARS; + + if (PSF(open) == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, + "user session functions not defined"); + + return FAILURE; + } SESS_ZVAL_STRING((char*)save_path, args[0]); SESS_ZVAL_STRING((char*)session_name, args[1]); diff --git a/ext/session/tests/bug60860.phpt b/ext/session/tests/bug60860.phpt new file mode 100644 index 0000000000..12310205aa --- /dev/null +++ b/ext/session/tests/bug60860.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #60860 (session.save_handler=user without defined function core dumps) +--SKIPIF-- + +--INI-- +session.save_handler=user +--FILE-- + +--EXPECTF-- +Warning: session_start(): user session functions not defined in %s on line 3 + +Fatal error: session_start(): Failed to initialize storage module: user (path: ) in %s on line 3 -- 2.50.1