php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75817 Fatal in calling session_start()
Submitted: 2018-01-15 09:44 UTC Modified: -
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: chensl6588 at gmail dot com Assigned:
Status: Open Package: Session related
PHP Version: 7.2.1 OS: FreeBSD-10.2-i386
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-01-15 09:44 UTC] chensl6588 at gmail dot com
Description:
------------
While PHP is running in FPM with chroot safe_mode, and the session.save_handler is "files".

#ext/session/mod_files.c: PS_CREATE_SID_FUNC(files)
{{
    sid = php_session_create_id((void**)&data);
}}
This statement would always return NULL to sid, because of php_random_bytes() returning FAILURE.


SOLUTION:

ext/standard/random.c: 

Line 94: #elif HAVE_DECL_ARC4RANDOM_BUF && ((defined(__FreeBSD__) || (defined(__OpenBSD__) && OpenBSD >= 201405) || (defined(__NetBSD__) && __NetBSD_Version__ >= 700000001))




Test script:
---------------
session_start();




Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Jun 17 01:01:28 2019 UTC