Bug #68881 null pointer dereference / unused function
Submitted: 2015-01-22 04:04 UTC Modified: 2015-02-02 08:12 UTC
From: bugreports at internot dot info Assigned: yohgaki (profile)
Status: Not a bug Package: Session related
PHP Version: master-Git-2015-01-22 (Git) OS: any
Private report: No CVE-ID: None
 [2015-01-22 04:04 UTC] bugreports at internot dot info
Description:
------------
Hi,

Is the session_adapt_url function ever used?

Or, php_url_scanner_adapt_single_url?

Inside php_url_scanner_adapt_single_url there is a null pointer dereference:


        if (newlen) *newlen = buf.s->len;
        result = estrndup(buf.s->val, buf.s->len);


but it is initialized with {0}.

The function isn't used anywhere, though.

Should it be removed?


 [2015-01-22 05:26 UTC] yohgaki@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: yohgaki
 [2015-01-22 05:26 UTC] yohgaki@php.net
session_adapt_url() or php_url_scanner_adapt_single_url() is used for trans sid. i.e. session.use_trans_sid = 1.

With a quick look, the buf could be NULL when there are no inputs. (This would only happen with zend_smart_str, I suppose.) I don't use trans sid at all. Could you make a simple reproducible test script? Please don't forget to send your INI settings.
 [2015-01-22 07:49 UTC] bugreports at internot dot info
-Status: Feedback +Status: Assigned
 [2015-01-22 07:49 UTC] bugreports at internot dot info
I can't find where it is used:

megamansec@megamansec:~/php-src$ grep -nr 'session_adapt_url'
ext/session/session.c:1609:PHPAPI void session_adapt_url(const char *url, size_t urllen, char **new, size_t *newlen) /* {{{ */
ext/session/php_session.h:224:PHPAPI void session_adapt_url(const char *, size_t, char **, size_t *);

megamansec@megamansec:~/php-src$ 



Is it not in master anymore?


Thanks,
 [2015-01-22 08:41 UTC] yohgaki@php.net
-Operating System: Linux Ubuntu 14.04 +Operating System: any
 [2015-01-22 08:41 UTC] yohgaki@php.net
Thank you for the insight. I'll check to see if trans sid works (I supposed to work).
 [2015-01-22 08:42 UTC] yohgaki@php.net
I mean "It's supposed to work"
 [2015-02-02 08:12 UTC] yohgaki@php.net
-Status: Assigned +Status: Not a bug
 [2015-02-02 08:12 UTC] yohgaki@php.net
I checked source and it cannot be null.
The unused function seems intended for external modules, so I made it useable.

 http://git.php.net/?p=php-src.git;a=commitdiff;h=f248df900300c5b2201d4cf634d58d413399e2eb
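
The concern raised in the report, as an added example that is not PHP's code and not part of the thread: a string buffer whose backing object is allocated only on the first append, so a `{0}`-initialized buffer that receives no input still holds a NULL pointer when its length is read. The names `lazy_str`, `lazy_buf`, `lazy_buf_append`, `lazy_buf_dup` and `lazy_buf_free` are hypothetical stand-ins, not Zend's smart_str API.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a lazily allocated buffer (not Zend's smart_str):
 * the backing object stays NULL until the first non-empty append. */
struct lazy_str { size_t len, cap; char *val; };
typedef struct { struct lazy_str *s; } lazy_buf;

/* Append n bytes; returns 0 on success, -1 on allocation failure. */
static int lazy_buf_append(lazy_buf *b, const char *src, size_t n)
{
    if (n == 0) return 0;               /* nothing to add: b->s is left NULL */
    if (b->s == NULL && (b->s = calloc(1, sizeof *b->s)) == NULL) return -1;
    if (b->s->len + n + 1 > b->s->cap) {
        size_t cap = (b->s->len + n + 1) * 2;
        char *p = realloc(b->s->val, cap);
        if (p == NULL) return -1;
        b->s->val = p;
        b->s->cap = cap;
    }
    memcpy(b->s->val + b->s->len, src, n);
    b->s->len += n;
    b->s->val[b->s->len] = '\0';
    return 0;
}

/* Copy the contents out. Reading b->s->len unconditionally would dereference
 * NULL when a {0}-initialized buffer received no input, so the empty case is
 * resolved before b->s is touched. Caller frees the result. */
static char *lazy_buf_dup(const lazy_buf *b, size_t *newlen)
{
    size_t len = b->s ? b->s->len : 0;
    char *out = malloc(len + 1);
    if (out == NULL) return NULL;
    if (len) memcpy(out, b->s->val, len);
    out[len] = '\0';
    if (newlen) *newlen = len;
    return out;
}

static void lazy_buf_free(lazy_buf *b)
{
    if (b->s) { free(b->s->val); free(b->s); b->s = NULL; }
}
```

Whether the empty path is reachable depends on the callers; the guard in `lazy_buf_dup` makes the copy safe either way.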
 