From bc44eb61728951ffe789be91ea0142a4120afc50 Mon Sep 17 00:00:00 2001
From: Adam Harvey <aharvey@php.net>
Date: Mon, 8 Sep 2014 19:25:14 +0000
Subject: [PATCH] Fix bug #67972 (SessionHandler Invalid memory read
 create_sid()).

SessionHandler::create_sid() didn't check if PS(default_mod) was initialised
before attempting to call its create_sid() handler.
---
 NEWS                            |  3 ++-
 ext/session/mod_user_class.c    |  2 ++
 ext/session/tests/bug67972.phpt | 10 ++++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 ext/session/tests/bug67972.phpt

diff --git a/NEWS b/NEWS
index de02064a47..f0a4379e2a 100644
--- a/NEWS
+++ b/NEWS
@@ -2,7 +2,8 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2014, PHP 5.5.18
 
-
+- Session:
+  . Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)
 
 11 Sep 2014, PHP 5.5.17
 
diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c
index 3b6687741e..119a536fb2 100644
--- a/ext/session/mod_user_class.c
+++ b/ext/session/mod_user_class.c
@@ -148,6 +148,8 @@ PHP_METHOD(SessionHandler, create_sid)
 {
 	char *id;
 
+	PS_SANITY_CHECK;
+
 	if (zend_parse_parameters_none() == FAILURE) {
 	    return;
 	}
diff --git a/ext/session/tests/bug67972.phpt b/ext/session/tests/bug67972.phpt
new file mode 100644
index 0000000000..63ed3a95b8
--- /dev/null
+++ b/ext/session/tests/bug67972.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #67972: SessionHandler Invalid memory read create_sid()
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+(new SessionHandler)->create_sid();
+--EXPECTF--
+Fatal error: SessionHandler::create_sid(): Cannot call default session handler in %s on line %d
-- 
2.40.0