php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #15308 Segfault when the string which contains '_' in session name is specified.
Submitted: 2002-01-31 03:06 UTC Modified: 2002-02-02 22:22 UTC
From: lasttom at ra2 dot so-net dot ne dot jp Assigned:
Status: Closed Package: Session related
PHP Version: 4.2.0-dev OS: any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: lasttom at ra2 dot so-net dot ne dot jp
New email:
PHP Version: OS:

 

 [2002-01-31 03:06 UTC] lasttom at ra2 dot so-net dot ne dot jp 
Apache child segfault when the string which contains '_' in session name is specified.
Although tried on Red Hat7.2 and Windows2000, the apache child segfault.

php.ini
session.save_handler=files

<?php
    session_id ("_index");
    session_start ();
    $_SESSION["foo"]   = "bar";
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-01-31 03:30 UTC] mfischer@php.net 
Does this also happen with 4.1.1 and if, please provide a backtrace under unix (provided that you compiled both php and apache with debug symbols).
 [2002-01-31 04:57 UTC] yohgaki@php.net 
Thank you for responding, Markus.
I asked this user to submit bug report in Japanese PHP mail list.

I think I know what's wrong, but I don't have enough time create and test patch...

In mod_files.c it tests session id file chars are [0-9a-zA-Z], if not it returns 0. It seems returning false is causing this. In mod_user.c and session_pgsql.c, there is very simlar problem. Returning false for read causes segfault. 

The reason for these segfaults are the same, I guess. 
(i.e. session.c has problem when read returns false)
 [2002-02-02 22:22 UTC] yohgaki@php.net 
This bug has been fixed in CVS.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Nov 26 13:01:29 2024 UTC