|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75817 Fatal in calling session_start()
Submitted: 2018-01-15 09:44 UTC Modified: -
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: chensl6588 at gmail dot com Assigned:
Status: Open Package: Session related
PHP Version: 7.2.1 OS: FreeBSD-10.2-i386
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: chensl6588 at gmail dot com
New email:
PHP Version: OS:


 [2018-01-15 09:44 UTC] chensl6588 at gmail dot com
While PHP is running in FPM with chroot safe_mode, and the session.save_handler is "files".

#ext/session/mod_files.c: PS_CREATE_SID_FUNC(files)
    sid = php_session_create_id((void**)&data);
This statement would always return NULL to sid, because of php_random_bytes() returning FAILURE.



Line 94: #elif HAVE_DECL_ARC4RANDOM_BUF && ((defined(__FreeBSD__) || (defined(__OpenBSD__) && OpenBSD >= 201405) || (defined(__NetBSD__) && __NetBSD_Version__ >= 700000001))

Test script:


Add a Patch

Pull Requests

Add a Pull Request

PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Jan 18 05:01:23 2021 UTC