| author | Stefan Esser | 2014-06-09 16:10:42 +0200 |
|---|---|---|
| committer | Stefan Esser | 2014-06-09 16:10:42 +0200 |
| commit | c0927642fd01c6431a17bd1652e5cd269e5946b8 (patch) | |
| tree | a638759eabeb7e58edba03d6bcd7676f7aaee0a3 | |
| parent | 9be1238da0b3f87fe9781a2ca91202061b89c0a1 (diff) | |
Improve SessionHandler() recursion protection
| -rw-r--r-- | Changelog | 1 | ||||
| -rw-r--r-- | session.c | 13 |
2 files changed, 14 insertions, 0 deletions
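--- a/Changelog
+++ b/Changelog
@@ -9,6 +9,7 @@
 - Added suhosin.rand.seedingkey for INI supplied additional entropy string (idea DavisNT)
 - Added suhosin.rand.reseed_every_request to allow reseeding on every request (idea DavisNT)
 - Changed that calls to srand() / mt_srand() will trigger auto reseeding (idea DavisNT)
+- Fixed problems with SessionHandler() class and endless recursions
 - Added LICENSE file to make distributions happy
 
 2014-02-24 - 0.9.35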
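--- a/session.c
+++ b/session.c
@@ -487,6 +487,8 @@ static php_ps_globals_43_44 *session_globals = NULL;
 #define SESSION_G(v) (session_globals->v)
 #endif
 
+static ps_module *ps_mod_user = NULL;
+
 ps_serializer *(*suhosin_find_ps_serializer)(char *name TSRMLS_DC) = NULL;
 
 #define PS_ENCODE_VARS \
@@ -1018,6 +1020,10 @@ static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
 int r;
 char *tmp;
 
+if ((ps_mod_user) && (SUHOSIN_G(s_original_mod) == ps_mod_user) && (strcmp(new_value, "user") == NULL)) {
+return SUCCESS;
+}
+
 SESSION_G(mod) = SUHOSIN_G(s_original_mod);
 
 r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
@@ -1089,6 +1095,13 @@ void suhosin_hook_session(TSRMLS_D)
 }
 #endif
 #endif
+if (ps_mod_user == NULL) {
+ps_mod_user = DL_FETCH_SYMBOL(module->handle, "ps_mod_user");
+if (ps_mod_user == NULL) {
+ps_mod_user = DL_FETCH_SYMBOL(module->handle, "_ps_mod_user");
+}
+}
+
 if (old_OnUpdateSaveHandler != NULL) {
 return;
 }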
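Review bot: The guard added at the top of suhosin_OnUpdateSaveHandler tests `strcmp(new_value, "user") == NULL`, which compares an int against a null pointer constant; it only behaves as intended because NULL evaluates to zero, and it draws a pointer/integer comparison warning where NULL is `((void *)0)`. Write it as `strcmp(new_value, "user") == 0`, and if new_value can be NULL at this stage (not visible in the hunk) check that before the strcmp. The guard also depends on the lookup added in suhosin_hook_session: when both DL_FETCH_SYMBOL calls fail, ps_mod_user stays NULL and the recursion protection is skipped without any trace, so that path deserves at least a comment such as `/* ps_mod_user unresolved: SessionHandler() recursion guard is inactive */` or a log entry. Both functions start and continue outside the hunks shown, so how `module` is obtained and what the early `return SUCCESS` skips cannot be confirmed from here.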
