php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70529 Session read causes "String is not zero-terminated" error
Submitted: 2015-09-18 22:13 UTC Modified: 2015-09-19 02:16 UTC
From: yohgaki@php.net Assigned: yohgaki (profile)
Status: Closed Package: Session related
PHP Version: 7.0Git-2015-09-18 (Git) OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: yohgaki@php.net
New email:
PHP Version: OS:

 

 [2015-09-18 22:13 UTC] yohgaki@php.net
Description:
------------
While I was looking into this bug
https://bugs.php.net/bug.php?id=70520
I found mcrypt_decrypt() sometimes raises "String is not zero-terminated" error. It seems mcrypt_decrypt() returns broken data sometimes also. It makes session decode fail on occasion.

Warning:  String is not zero-terminated (�J?w�fr,�:v�handler) (source: /home/yohgaki/git/oss/php.net/php-src/Zend/zend_execute.c:2061) in /home/yohgaki/workspace/ext/git/oss/php.net/php-src/tt2.php on line 20

Warning:  session_start(): Failed to decode session object. Session has been destroyed in /home/yohgaki/workspace/ext/git/oss/php.net/php-src/tt2.php on line 38

Tested by CLI server. If I don't use mcrypt_decrypt/encrypt(), the test code will not raise errors.

Test script:
---------------
<?php
ob_start();
error_reporting(E_ALL | E_STRICT);
ini_set('session.save_path', '/tmp');
ini_set('display_errors', true);

class EncryptedSessionHandler extends SessionHandler
{
    private $key;

    public function __construct($key)
    {
        $this->key = $key;
    }

    public function read($id)
    {
        $data = parent::read($id);

        return mcrypt_decrypt(MCRYPT_3DES, $this->key, $data, MCRYPT_MODE_ECB);
		//return $data;
    }

    public function write($id, $data)
    {
        $data = mcrypt_encrypt(MCRYPT_3DES, $this->key, $data, MCRYPT_MODE_ECB);

        return parent::write($id, $data);
    }
}

ini_set('session.save_handler', 'files');
$key = substr(sha1(random_bytes(24)), 0, 24);
$handler = new EncryptedSessionHandler($key);
session_set_save_handler($handler, true);

echo '<pre>';
session_start();
$_SESSION['key'] = 1234;
var_dump($_SESSION);
echo session_id() . PHP_EOL;
session_regenerate_id(true);
echo session_id() . PHP_EOL;


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-09-18 22:22 UTC] yohgaki@php.net
Although I don't see errors if I don't use mcrypt, session module may do something wrong in these lines

$data = parent::read($id);
return parent::write($id, $data);

I'll look into this. Could anyone look into mcrypt?
 [2015-09-19 02:16 UTC] yohgaki@php.net
-Summary: mcrypt_decrypt() call sometime results in "String is not zero-terminated" error +Summary: Session read causes "String is not zero-terminated" error -Status: Open +Status: Analyzed -Package: mcrypt related +Package: Session related -Assigned To: +Assigned To: yohgaki
 [2015-09-19 02:16 UTC] yohgaki@php.net
This bugs cause was in ext/session/mod_files.c
When zend_string is adopted, terminating null char was forgotten. This bug is only in PHP-7.0 and master. I'll commit the fix now.
 [2015-09-19 02:28 UTC] yohgaki@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2f7cc862d763bcd3ca09f1164df8cdec929b75b9
Log: Fixed bug #70529 Session read causes &quot;String is not zero-terminated&quot; error
 [2015-09-19 02:28 UTC] yohgaki@php.net
-Status: Analyzed +Status: Closed
 [2015-09-29 13:10 UTC] ab@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2f7cc862d763bcd3ca09f1164df8cdec929b75b9
Log: Fixed bug #70529 Session read causes &quot;String is not zero-terminated&quot; error
 [2016-07-20 11:36 UTC] davey@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2f7cc862d763bcd3ca09f1164df8cdec929b75b9
Log: Fixed bug #70529 Session read causes &quot;String is not zero-terminated&quot; error
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Oct 13 05:01:27 2024 UTC