PHP :: Bug #18158 :: sybase session storage causing data corruption

Bug #18158	sybase session storage causing data corruption
Submitted:	2002-07-04 04:35 UTC	Modified:	2003-07-04 02:06 UTC
From:	g dot hort at unsw dot edu dot au	Assigned:
Status:	No Feedback	Package:	Sybase-ct (ctlib) related
PHP Version:	4.3.0-dev	OS:	Solaris 8
Private report:	No	CVE-ID:	None

View Developer Edit

[2002-07-04 04:35 UTC] g dot hort at unsw dot edu dot au

php for Apache 1.3.26 with mod_ssl
configure --with-apxs=/usr/local/apache/bin/apxs
          --with-gettext
          --with-xml
          --with-zlib
          --with-mysql=/usr/local/mysql
          --with-sybase-ct=/usr/local/sybase12.5/OCS-12.5
          --with-imap=../imap-2001a

I'm using user defined session storage.  mysql works fine.  Both sybase and sybase-ct can save a new session but not update it.

The routine that writes session data is:

function pear_session_write($session_id, $data)
{
  global $pear_session_db;
  $updated = time();
  $sql = "INSERT INTO " . PEAR_SESSION_TABLE
      . "(session_id, last_updated, data) "
      . "VALUES('" . addslashes($session_id) . "', $updated, '"
      . addslashes($data) . "')";
  user_error("pear_session0: $sql ($session_id)\n");
  $rs = $pear_session_db->query($sql);
  user_error("pear_session1: $sql ($session_id)\n");
  if (DB::isError($rs)) // probably a duplicate error: update existing value
  {
    $sql = "UPDATE " . PEAR_SESSION_TABLE
        . " SET last_updated = $updated, data = '"
        . addslashes($data) . "' WHERE session_id = '"
        . addslashes($session_id) . "'";
    $rs = $pear_session_db->query($sql);
  }
  return !(DB::isError($rs));
}

The reason the update doesn't occur is that the variable $session_id gets corrupted while the failing insert is executed and so the update fails.  The sybase interface seems to work fine in other (non-session) situations.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-07-04 09:29 UTC] g dot hort at unsw dot edu dot au

The session handler I'm using is from sourceforge, slightly modified, see http://www.library.unsw.edu.au/pear_session.phps

[2002-07-19 04:06 UTC] g dot hort at unsw dot edu dot au

As workaround I modified the read routine of the session handler to set a global variable to say whether the session exists.  The write routine tests this var to tell whether to do an insert or an update, no errors are returned and everything works fine. see http://sporty.nun.unsw.edu.au/pear_session2.phps.

[2002-07-19 04:57 UTC] sniper@php.net

In the other report (#18404) you said mysql does NOT work..
please, only ONE report per bug.

[2002-07-19 05:38 UTC] g dot hort at unsw dot edu dot au

I think this is a different problem. This is related to sybase returning an error like already exists when doing an insert and it doesn't occur with mysql and has nothing to do with the size of the session.  The corruption occurs in a non-session variable and there doesn't appear to be anything wrong with the session data itself.

In 18404, as far as I can see, the database doesn't give an error, the problem occurs with both sybase and mysql and it seems to depend on the size of the session and the session variable becomes undefined.  It still occurs with the workaround for this bug in place.

However if you still think its the same bug then of course I accept that.

[2002-09-25 06:33 UTC] sas@php.net

Not session related, reclassified.

[2002-10-09 10:50 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

[2002-10-27 19:05 UTC] sniper@php.net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

[2002-11-05 23:41 UTC] g dot hort at unsw dot edu dot au

tried snapshot 200211030600, getting

[06-Nov-2002 16:25:39] PHP Warning:  String is not zero-terminated (ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ*?ZZZZ) (source: /usr/local/src/imp/php4-200211030600/Zend/zend_execute_API.c:293) in Unknown on line 0

in the log.

[2003-06-29 10:48 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2003-07-04 02:06 UTC] sniper@php.net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Nov 05 04:00:01 2025 UTC