Fixed problem with SessionHandler() class and endless recursion

author: Stefan Esser 2014-06-09 15:59:35 +0200
committer: Stefan Esser 2014-06-09 15:59:35 +0200
commit: 9be1238da0b3f87fe9781a2ca91202061b89c0a1 (patch)
tree: 8348fa3c245565829237c17dd1e39905d5a59b0b
parent: f073721856bbac1d427f87520a9cfb6c3fa08c5d (diff)
3 files changed, 35 insertions, 2 deletions
diff --git a/php_suhosin.h b/php_suhosin.h
index 152fe43..3454f5d 100644
--- a/php_suhosin.h
+++ b/php_suhosin.h
@@ -192,6 +192,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
 /*      session */
        void    *s_module;
+        void    *s_original_mod;
        int     (*old_s_read)(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC);
        int     (*old_s_write)(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC);
        int     (*old_s_destroy)(void **mod_data, const char *key TSRMLS_DC);
diff --git a/session.c b/session.c
index f6cff15..306da60 100644
--- a/session.c
+++ b/session.c
@@ -986,16 +986,20 @@ static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC)
 static void suhosin_hook_session_module(TSRMLS_D)
 {
    ps_module *old_mod = SESSION_G(mod), *mod;
+    
    if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) {
        return;
    }
    if (SUHOSIN_G(s_module) == NULL) {
        SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module));
        if (mod == NULL) {
            return;
        }
    }
+    
+    SUHOSIN_G(s_original_mod) = old_mod;
+    
    mod = SUHOSIN_G(s_module);
    memcpy(mod, old_mod, sizeof(ps_module));
    
@@ -1012,11 +1016,14 @@ static void suhosin_hook_session_module(TSRMLS_D)
 static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
 {
    int r;
+    char *tmp;
+    SESSION_G(mod) = SUHOSIN_G(s_original_mod);
+    
    r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
    
    suhosin_hook_session_module(TSRMLS_C);
-    
    return r;
 }
diff --git a/tests/session/session_recursive_crash.phpt b/tests/session/session_recursive_crash.phpt
new file mode 100644
index 0000000..62cb9cd
--- /dev/null
+++ b/tests/session/session_recursive_crash.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session SessionHandler() recursive crash
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+HTTP_USER_AGENT=test
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=On
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+session_set_save_handler(new SessionHandler(), true);
+$_SESSION['a'] = 'b';
+var_dump($_SESSION);
+--EXPECTF--
+array(1) {
+  ["a"]=>
+  string(1) "b"
+}
author	Stefan Esser	2014-06-09 15:59:35 +0200
committer	Stefan Esser	2014-06-09 15:59:35 +0200
commit	9be1238da0b3f87fe9781a2ca91202061b89c0a1 (patch)
tree	8348fa3c245565829237c17dd1e39905d5a59b0b
parent	f073721856bbac1d427f87520a9cfb6c3fa08c5d (diff)