PHP :: Bug #30282 :: Setting session.serialize_handler to none in apache config segfaults PHP

Bug #30282	Setting session.serialize_handler to none in apache config segfaults PHP
Submitted:	2004-09-29 23:29 UTC	Modified:	2004-09-30 18:50 UTC
From:	daniele at orlandi dot com	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.3.9	OS:	SuSE Linux 9.1
Private report:	No	CVE-ID:	None

View Developer Edit

[2004-09-29 23:29 UTC] daniele at orlandi dot com

Description:
------------
This is an almost cosmetic issue. I incorrectly put "none" in apache's configuration file for session.serialize_handler. Starting the session, PHP segfaults; it may be a missing NULL check.

php_value session.serialize_handler none

[pid 31996] open("/tmp/sess_de475dfe390c0d01f35536633634db4a", O_RDWR|O_CREAT, 0600) = 28
[pid 31996] flock(28, LOCK_EX)          = 0
[pid 31996] fcntl64(28, F_SETFD, FD_CLOEXEC) = 0
[pid 31996] fstat64(28, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
[pid 31996] pread(28, "", 0, 0)
[pid 31996] --- SIGSEGV (Segmentation fault) @ 0 (0) ---

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-09-30 10:07 UTC] tony2001@php.net

Derick, that's the bug I was talking about a month ago.
Here's the patch for it: http://tony2001.phpclub.net/dev/tmp/session.diff
It fixes the problem, but I don't like it - I'd prefer "fixing" session extension instead, but it seems that Sascha doesn't read emails anymore.

[2004-09-30 17:52 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 09:01:32 2024 UTC