diff options
| author | Bob Weinand <bobwei9@hotmail.com> | 2015-06-28 16:30:58 +0200 |
|---|---|---|
| committer | Bob Weinand <bobwei9@hotmail.com> | 2015-06-28 16:30:58 +0200 |
| commit | b477aa1fad6cac41ee6959921b229cb3dba79e6e (patch) | |
| tree | e9d33381039d03422e46e2a76e514f735ffb97f2 /ext/session/session.c | |
| parent | e96ad43ae6cc1f5e4db61cd52bf86198adaf77c1 (diff) | |
| download | php-git-b477aa1fad6cac41ee6959921b229cb3dba79e6e.tar.gz | |
Fix bug #69952 (Dereferencing issue in session_start())
Diffstat (limited to 'ext/session/session.c')
| -rw-r--r-- | ext/session/session.c | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/ext/session/session.c b/ext/session/session.c index 66b1a8628b..819008c5bb 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1436,6 +1436,7 @@ PHPAPI const ps_serializer *_php_find_ps_serializer(char *name) /* {{{ */ /* }}} */ static void ppid2sid(zval *ppid) { + ZVAL_DEREF(ppid); if (Z_TYPE_P(ppid) == IS_STRING) { PS(id) = zend_string_init(Z_STRVAL_P(ppid), Z_STRLEN_P(ppid), 0); PS(send_cookie) = 0; @@ -1547,28 +1548,26 @@ PHPAPI void php_session_start(void) /* {{{ */ */ if (!PS(id)) { - if (PS(use_cookies) && (data = zend_hash_str_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE") - 1)) && - Z_TYPE_P(data) == IS_ARRAY && - (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess)) - ) { - ppid2sid(ppid); - PS(send_cookie) = 0; + if (PS(use_cookies) && (data = zend_hash_str_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE") - 1))) { + ZVAL_DEREF(data); + if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { + ppid2sid(ppid); + PS(send_cookie) = 0; + } } - if (PS(define_sid) && !PS(id) && - (data = zend_hash_str_find(&EG(symbol_table), "_GET", sizeof("_GET") - 1)) && - Z_TYPE_P(data) == IS_ARRAY && - (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess)) - ) { - ppid2sid(ppid); + if (PS(define_sid) && !PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_GET", sizeof("_GET") - 1))) { + ZVAL_DEREF(data); + if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { + ppid2sid(ppid); + } } - if (PS(define_sid) && !PS(id) && - (data = zend_hash_str_find(&EG(symbol_table), "_POST", sizeof("_POST") - 1)) && - Z_TYPE_P(data) == IS_ARRAY && - (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess)) - ) { - ppid2sid(ppid); + if (PS(define_sid) && !PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_POST", sizeof("_POST") - 1))) { + ZVAL_DEREF(data); + if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { + ppid2sid(ppid); + } } /* Check the REQUEST_URI symbol for a string of the form |