PHP :: Bug #73394 :: php_session_initialize doesn't verify s

Bug #73394

php_session_initialize doesn't verify s_read return value

Submitted:

2016-10-26 16:13 UTC

Modified:

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

martijn at openbsd dot org

Assigned:

Status:

Open

Package:

Session related

PHP Version:

7.0.12

OS:

irrelevant

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	martijn at openbsd dot org
New email:
PHP Version:		OS:

New/Additional Comment:

[2016-10-26 16:13 UTC] martijn at openbsd dot org

Description:
------------
When a read from the session backend fails it still initializes the session without data. This causes problems during either the closing of the session or the php_session_decode (depending on the serializer) with writing an empty session or destroying the session data respectively.

I choose E_ERROR to be in line with s_open and s_create_id function checks, but it can easily changed into E_WARNING to be more in line with the original comment and would cause a return FALSE, because PS(session_status) is not php_session_active.

I haven't looked into other versions, but I guess this applies to other versions as well.

Test script:
---------------
Originally found with https://github.com/php-memcached-dev/php-memcached/ as a session backend.
The script below can be tested by setting up memcached and doing a
"add memc.sess.lock.<session_id> 0 0 1"  on a telnet session to memcached (make sure that memcached.session_locking is set, which it is by default).
The request will first hang and at the end reset the session content in memcached.

<?php
ini_set('session.save_handler', 'memcached');
ini_set('session.save_path', "127.0.0.01:11211");

session_start();
var_dump($_SESSION, session_id());
$_SESSION["a"] = "b";

Patches

session_read_check (last revision 2016-10-26 16:13 UTC by martijn at openbsd dot org)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-01-02 05:20 UTC] samgunjan97 at gmail dot com

Here you can get to read digital marketing in hindi information and know what is
digital marketing. https://www.gyankhoj.com/what-is-digital-marketing-kya-hota-hai-hindi

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2021 The PHP Group All rights reserved.	Last updated: Mon Mar 01 11:01:23 2021 UTC