Patch 011_all_sharedmem_session_path_gentoo.patch for Session related Bug #49503

Patch version 2010-04-21 13:45 UTC

• 2010-04-21 13:45 UTC [diff to current]

Developer: tsisaruk.v@gmail.com

--- ./ext/session/mod_mm.c	2010-04-19 15:34:42.289185827 +0700
+++ ./ext/session/mod_mm.c.mod	2010-04-19 15:35:47.829200143 +0700
@@ -30,6 +30,7 @@
 #include <fcntl.h>
 
 #include "php_session.h"
+#include "php_open_temporary_file.h"
 #include "mod_mm.h"
 #include "SAPI.h"
 
@@ -264,6 +265,7 @@
 	int euid_len;
 	char *ps_mm_path, euid[30];
 	int ret;
+	char *save_path;
 
 	ps_mm_instance = calloc(sizeof(*ps_mm_instance), 1);
 	if (!ps_mm_instance) {
@@ -274,11 +276,29 @@
 		return FAILURE;
 	}
 
+	if (save_path_len > 0) {
+		/* copy from PS(save_path) */
+		save_path = estrdup(PS(save_path));
+	}
+	else {
+		/* if save path is an empty string, determine the temporary dir */
+		save_path = estrdup(php_get_temporary_directory());
+		save_path_len = strlen(save_path);
+
+		if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+			return FAILURE;
+		}
+		
+		if (php_check_open_basedir(save_path TSRMLS_CC)) {
+			return FAILURE;
+		}
+	}
+
 	/* Directory + '/' + File + Module Name + Effective UID + \0 */
 	ps_mm_path = emalloc(save_path_len + 1 + (sizeof(PS_MM_FILE) - 1) + mod_name_len + euid_len + 1);
 
-	memcpy(ps_mm_path, PS(save_path), save_path_len);
-	if (PS(save_path)[save_path_len - 1] != DEFAULT_SLASH) {
+	memcpy(ps_mm_path, save_path, save_path_len);
+	if (save_path[save_path_len - 1] != DEFAULT_SLASH) {
 		ps_mm_path[save_path_len] = DEFAULT_SLASH;
 		save_path_len++;
 	}
@@ -292,6 +312,7 @@
 	ret = ps_mm_initialize(ps_mm_instance, ps_mm_path);
 
 	efree(ps_mm_path);
+	efree(save_path);
 
 	if (ret != SUCCESS) {
 		free(ps_mm_instance);