php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68881 null pointer dereference / unused function
Submitted: 2015-01-22 04:04 UTC Modified: 2015-02-02 08:12 UTC
From: bugreports at internot dot info Assigned: yohgaki (profile)
Status: Not a bug Package: Session related
PHP Version: master-Git-2015-01-22 (Git) OS: any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bugreports at internot dot info
New email:
PHP Version: OS:

 

 [2015-01-22 04:04 UTC] bugreports at internot dot info 
Description:
------------
Hi,

Is the session_adapt_url function ever used?

Or, php_url_scanner_adapt_single_url?

Inside php_url_scanner_adapt_single_url there is a null pointer dereference:


389        if (newlen) *newlen = buf.s->len;
390        result = estrndup(buf.s->val, buf.s->len);


but it is initalized with {0}.

The function isn't used anywhere, though.

Should it be removed?

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-22 05:26 UTC] yohgaki@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: yohgaki
 [2015-01-22 05:26 UTC] yohgaki@php.net 
session_adapt_url() or php_url_scanner_adapt_single_url() is used for trans sid. i.e. session.use_trans_sid = 1.

With a quick look, the buf could be NULL when there is no inputs. (This would only happens with zend_smart_str, I suppose) I don't use trans sid at all. Could you make a simple reproducible test script? Please don't forget to send your INI setting.
 [2015-01-22 07:49 UTC] bugreports at internot dot info
-Status: Feedback +Status: Assigned
 [2015-01-22 07:49 UTC] bugreports at internot dot info 
I can't find where it is used:

megamansec@megamansec:~/php-src$ grep -nr 'session_adapt_url'
ext/session/session.c:1609:PHPAPI void session_adapt_url(const char *url, size_t urllen, char **new, size_t *newlen) /* {{{ */
ext/session/php_session.h:224:PHPAPI void session_adapt_url(const char *, size_t, char **, size_t *);

megamansec@megamansec:~/php-src$ 



Is it not in master anymore?


Thanks,
 [2015-01-22 08:41 UTC] yohgaki@php.net
-Operating System: Linux Ubuntu 14.04 +Operating System: any
 [2015-01-22 08:41 UTC] yohgaki@php.net 
Thank you for the insight. I'll check see if trans sid works (I supposed to work).
 [2015-01-22 08:42 UTC] yohgaki@php.net 
I mean "It's supposed to work"
 [2015-02-02 08:12 UTC] yohgaki@php.net
-Status: Assigned +Status: Not a bug
 [2015-02-02 08:12 UTC] yohgaki@php.net 
I checked source and it cannot be null.
The unused function seems intended for external modules, so I made it useable.

 http://git.php.net/?p=php-src.git;a=commitdiff;h=f248df900300c5b2201d4cf634d58d413399e2eb
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jul 02 13:01:34 2025 UTC