From 3b2d98a62509b4b31ac21df0f391d3161ad95203 Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Sun, 17 Jan 2016 17:09:08 +0900 Subject: [PATCH] Fixed bug #71394 (session_regenerate_id() must close opened session on errors) --- NEWS | 2 ++ ext/session/session.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 3326ff411e..d18dada158 100644 --- a/NEWS +++ b/NEWS @@ -50,6 +50,8 @@ PHP NEWS Session save handlers must return 'string' always for successful read. i.e. Non-existing session read must return empty string. PHP 7.0 is made not to tolerate buggy return value. (Yasuo) + . Fixed bug #71394 (session_regenerate_id() must close opened session on errors). + (Yasuo) - Standard: . Fixed bug #71287 (Error message contains hexadecimal instead of decimal diff --git a/ext/session/session.c b/ext/session/session.c index 0ff8600de4..8427f852bc 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -2113,6 +2113,7 @@ static PHP_FUNCTION(session_regenerate_id) zend_string_release(PS(id)); PS(id) = PS(mod)->s_create_sid(&PS(mod_data)); if (!PS(id)) { + PS(mod)->s_close(&PS(mod_data)); PS(session_status) = php_session_none; php_error_docref(NULL, E_RECOVERABLE_ERROR, "Failed to create session ID by collision: %s (path: %s)", PS(mod)->s_name, PS(save_path)); RETURN_FALSE; @@ -2120,6 +2121,7 @@ static PHP_FUNCTION(session_regenerate_id) } /* Read is required to make new session data at this point. */ if (PS(mod)->s_read(&PS(mod_data), PS(id), &data, PS(gc_maxlifetime)) == FAILURE) { + PS(mod)->s_close(&PS(mod_data)); PS(session_status) = php_session_none; php_error_docref(NULL, E_RECOVERABLE_ERROR, "Failed to create(read) session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path)); RETURN_FALSE; -- 2.40.0