PHP :: Bug #15308 :: Segfault when the string which contains '

Bug #15308	Segfault when the string which contains '_' in session name is specified.
Submitted:	2002-01-31 03:06 UTC	Modified:	2002-02-02 22:22 UTC
From:	lasttom at ra2 dot so-net dot ne dot jp	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.2.0-dev	OS:	any
Private report:	No	CVE-ID:	None

View Developer Edit

[2002-01-31 03:06 UTC] lasttom at ra2 dot so-net dot ne dot jp

Apache child segfault when the string which contains '_' in session name is specified.
Although tried on Red Hat7.2 and Windows2000, the apache child segfault.

php.ini
session.save_handler=files

<?php
    session_id ("_index");
    session_start ();
    $_SESSION["foo"]   = "bar";
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-01-31 03:30 UTC] mfischer@php.net

Does this also happen with 4.1.1 and if, please provide a backtrace under unix (provided that you compiled both php and apache with debug symbols).

[2002-01-31 04:57 UTC] yohgaki@php.net

Thank you for responding, Markus.
I asked this user to submit bug report in Japanese PHP mail list.

I think I know what's wrong, but I don't have enough time create and test patch...

In mod_files.c it tests session id file chars are [0-9a-zA-Z], if not it returns 0. It seems returning false is causing this. In mod_user.c and session_pgsql.c, there is very simlar problem. Returning false for read causes segfault. 

The reason for these segfaults are the same, I guess. 
(i.e. session.c has problem when read returns false)

[2002-02-02 22:22 UTC] yohgaki@php.net

This bug has been fixed in CVS.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Nov 26 11:01:33 2024 UTC