Fixed bug #69111 (Crash in SessionHandler::read()).

Made session save handler abuse much harder than before.
author: Yasuo Ohgaki <yohgaki@php.net> 2016-01-15 13:47:45 +0900
committer: Yasuo Ohgaki <yohgaki@php.net> 2016-01-15 15:50:14 +0900
commit: bfb9307b2d679a91e138fd876880470ece60942b (patch)
tree: 2730b684ea85ee413e01f894afe3006aa4d18f72 /ext/session/mod_user.c
parent: d7f8d9e3a9babf0e4f0c1a5590e1feb5e69bd84a (diff)
download: php-git-bfb9307b2d679a91e138fd876880470ece60942b.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c
index 0b6fb626fd..de2df9d6a7 100644
--- a/ext/session/mod_user.c
+++ b/ext/session/mod_user.c
@@ -91,7 +91,16 @@ PS_OPEN_FUNC(user)
 	SESS_ZVAL_STRING((char*)save_path, args[0]);
 	SESS_ZVAL_STRING((char*)session_name, args[1]);
 
-	retval = ps_call_handler(PSF(open), 2, args TSRMLS_CC);
+	zend_try {
+		retval = ps_call_handler(PSF(open), 2, args TSRMLS_CC);
+	} zend_catch {
+		PS(session_status) = php_session_none;
+		if (retval) {
+			zval_ptr_dtor(&retval);
+		}
+		zend_bailout();
+	} zend_end_try();
+
 	PS(mod_user_implemented) = 1;
 
 	FINISH;
author	Yasuo Ohgaki <yohgaki@php.net>	2016-01-15 13:47:45 +0900
committer	Yasuo Ohgaki <yohgaki@php.net>	2016-01-15 15:50:14 +0900
commit	bfb9307b2d679a91e138fd876880470ece60942b (patch)
tree	2730b684ea85ee413e01f894afe3006aa4d18f72 /ext/session/mod_user.c
parent	d7f8d9e3a9babf0e4f0c1a5590e1feb5e69bd84a (diff)
download	php-git-bfb9307b2d679a91e138fd876880470ece60942b.tar.gz