From a1db561d6bbc5d24b6b4c8d9a8dc7eee94c76057 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Mon, 26 Apr 2010 18:35:54 +0000 Subject: [PATCH] Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser --- NEWS | 2 ++ ext/session/session.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index bc868dcd9f..418b730c83 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ PHP NEWS - Reset error state in PDO::beginTransaction() reset error state. (Ilia) - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) +- Fixed handling of session variable serialization on certain prefix + characters. Reported by Stefan Esser (Ilia) - Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre) diff --git a/ext/session/session.c b/ext/session/session.c index 4318aba023..992b627d93 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -813,7 +813,7 @@ PS_SERIALIZER_ENCODE_FUNC(php) /* {{{ */ PS_ENCODE_LOOP( smart_str_appendl(&buf, key, key_length); - if (memchr(key, PS_DELIMITER, key_length)) { + if (memchr(key, PS_DELIMITER, key_length) || memchr(key, PS_UNDEF_MARKER, key_length)) { PHP_VAR_SERIALIZE_DESTROY(var_hash); smart_str_free(&buf); return FAILURE; -- 2.50.1