authorBob Weinand <bobwei9@hotmail.com>2015-06-28 16:30:58 +0200
committerBob Weinand <bobwei9@hotmail.com>2015-06-28 16:30:58 +0200
commitb477aa1fad6cac41ee6959921b229cb3dba79e6e (patch)
treee9d33381039d03422e46e2a76e514f735ffb97f2
parente96ad43ae6cc1f5e4db61cd52bf86198adaf77c1 (diff)
downloadphp-git-b477aa1fad6cac41ee6959921b229cb3dba79e6e.tar.gz
Fix bug #69952 (Dereferencing issue in session_start())
-rw-r--r--NEWS10
-rw-r--r--ext/session/session.c35
2 files changed, 24 insertions, 21 deletions
diff --git a/NEWS b/NEWS
index 71c9b57466..248c285a67 100644
--- a/NEWS
+++ b/NEWS
@@ -16,13 +16,17 @@ PHP NEWS
. Corrected oci8 hash destructors to prevent segfaults, and a few other fixes.
(Cameron Porter)
+- OpenSSL:
+ . Fixed bug #69882 (OpenSSL error "key values mismatch" after
+ openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
+
- PCRE:
. Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
-- OpenSSL:
- . Fixed bug #69882 (OpenSSL error "key values mismatch" after
- openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
+- Session:
+ . Fixed bug #69952 (Data integrity issues accessing superglobals by
+ reference). (Bob)
25 Jun 2015, PHP 7.0.0 Alpha 2
diff --git a/ext/session/session.c b/ext/session/session.c
index 66b1a8628b..819008c5bb 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1436,6 +1436,7 @@ PHPAPI const ps_serializer *_php_find_ps_serializer(char *name) /* {{{ */
/* }}} */
static void ppid2sid(zval *ppid) {
+ ZVAL_DEREF(ppid);
if (Z_TYPE_P(ppid) == IS_STRING) {
PS(id) = zend_string_init(Z_STRVAL_P(ppid), Z_STRLEN_P(ppid), 0);
PS(send_cookie) = 0;
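Review bot: The new `ZVAL_DEREF(ppid);` at the top of ppid2sid() carries no comment explaining why a request value can arrive wrapped in a reference, so the line looks removable to the next reader. I would put `/* ppid may be an IS_REFERENCE (presumably when script code holds a reference to the superglobal entry); unwrap it so the IS_STRING check sees the real value */` above it. The diffstat lists only NEWS and ext/session/session.c, so no regression test accompanies the fix; a test that starts a session after a reference to the cookie entry has been taken would pin the behaviour. The body of ppid2sid() continues past the end of this hunk.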
@@ -1547,28 +1548,26 @@ PHPAPI void php_session_start(void) /* {{{ */
*/
if (!PS(id)) {
- if (PS(use_cookies) && (data = zend_hash_str_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE") - 1)) &&
- Z_TYPE_P(data) == IS_ARRAY &&
- (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))
- ) {
- ppid2sid(ppid);
- PS(send_cookie) = 0;
+ if (PS(use_cookies) && (data = zend_hash_str_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE") - 1))) {
+ ZVAL_DEREF(data);
+ if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) {
+ ppid2sid(ppid);
+ PS(send_cookie) = 0;
+ }
}
- if (PS(define_sid) && !PS(id) &&
- (data = zend_hash_str_find(&EG(symbol_table), "_GET", sizeof("_GET") - 1)) &&
- Z_TYPE_P(data) == IS_ARRAY &&
- (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))
- ) {
- ppid2sid(ppid);
+ if (PS(define_sid) && !PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_GET", sizeof("_GET") - 1))) {
+ ZVAL_DEREF(data);
+ if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) {
+ ppid2sid(ppid);
+ }
}
- if (PS(define_sid) && !PS(id) &&
- (data = zend_hash_str_find(&EG(symbol_table), "_POST", sizeof("_POST") - 1)) &&
- Z_TYPE_P(data) == IS_ARRAY &&
- (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))
- ) {
- ppid2sid(ppid);
+ if (PS(define_sid) && !PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_POST", sizeof("_POST") - 1))) {
+ ZVAL_DEREF(data);
+ if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) {
+ ppid2sid(ppid);
+ }
}
/* Check the REQUEST_URI symbol for a string of the form
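Review bot: The lookups for `_COOKIE`, `_GET` and `_POST` are now the same four-step sequence written out three times (find the superglobal, `ZVAL_DEREF`, `IS_ARRAY` check, find the session name), so any later correction to how the client-supplied session id is located has to be repeated in each copy. A small static helper that returns the candidate id zval or NULL would keep the three sources consistent; a sketch follows, with the type of `lensess` assumed since its declaration is outside the hunk. The REQUEST_URI lookup that starts on the last line of the hunk is not visible here; if it reads `EG(symbol_table)` the same way, it probably needs the same dereference before its type check. php_session_start() begins and ends outside this hunk.

```c
/* Find the client-supplied session id in one request superglobal,
 * following a reference on the superglobal itself. Returns NULL when
 * the superglobal is absent, is not an array, or has no such entry. */
static zval *php_session_find_request_id(const char *name, size_t name_len, size_t lensess)
{
	zval *data = zend_hash_str_find(&EG(symbol_table), name, name_len);

	if (!data) {
		return NULL;
	}
	ZVAL_DEREF(data);
	if (Z_TYPE_P(data) != IS_ARRAY) {
		return NULL;
	}
	return zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess);
}

/* ... unchanged: start of php_session_start() up to `if (!PS(id)) {` ... */
		if (PS(use_cookies) && (ppid = php_session_find_request_id("_COOKIE", sizeof("_COOKIE") - 1, lensess))) {
			ppid2sid(ppid);
			PS(send_cookie) = 0;
		}
		if (PS(define_sid) && !PS(id) && (ppid = php_session_find_request_id("_GET", sizeof("_GET") - 1, lensess))) {
			ppid2sid(ppid);
		}
		if (PS(define_sid) && !PS(id) && (ppid = php_session_find_request_id("_POST", sizeof("_POST") - 1, lensess))) {
			ppid2sid(ppid);
		}
/* ... unchanged: REQUEST_URI check and the rest of the function ... */
```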