From 7aab16c333c25efccafd953e89e767e009e527e4 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Wed, 14 Mar 2007 19:37:07 +0000
Subject: [PATCH] Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free
 Vulnerability

# Discovered by Stefan Esser
---
 ext/session/session.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ext/session/session.c b/ext/session/session.c
index 2b20dde0aa..72606a22d9 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -846,6 +846,7 @@ new_session:
 	} else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
 		PS(invalid_session_id) = 0;
 		efree(PS(id));
+		PS(id) = NULL;
 		goto new_session;
 	}
 }
@@ -1575,6 +1576,7 @@ PHP_FUNCTION(session_regenerate_id)
 				RETURN_FALSE;
 			}
 			efree(PS(id));
+			PS(id) = NULL;
 		}
 	
 		PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
-- 
2.50.1