3 files changed, 35 insertions, 2 deletions

diff --git a/php_suhosin.h b/php_suhosin.h
index 152fe43..3454f5d 100644
--- a/php_suhosin.h
+++ b/php_suhosin.h
@@ -192,6 +192,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
 
 /*      session */
         void    *s_module;
+        void    *s_original_mod;
         int     (*old_s_read)(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC);
         int     (*old_s_write)(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC);
         int     (*old_s_destroy)(void **mod_data, const char *key TSRMLS_DC);
diff --git a/session.c b/session.c
index f6cff15..306da60 100644
--- a/session.c
+++ b/session.c
@@ -986,16 +986,20 @@ static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC)
 static void suhosin_hook_session_module(TSRMLS_D)
 {
     ps_module *old_mod = SESSION_G(mod), *mod;
-
+    
     if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) {
         return;
     }
+
     if (SUHOSIN_G(s_module) == NULL) {
         SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module));
         if (mod == NULL) {
             return;
         }
     }
+    
+    SUHOSIN_G(s_original_mod) = old_mod;
+    
     mod = SUHOSIN_G(s_module);
     memcpy(mod, old_mod, sizeof(ps_module));
     
@@ -1012,11 +1016,14 @@ static void suhosin_hook_session_module(TSRMLS_D)
 static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
 {
     int r;
+    char *tmp;
 
+    SESSION_G(mod) = SUHOSIN_G(s_original_mod);
+    
     r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
     
     suhosin_hook_session_module(TSRMLS_C);
-    
+
     return r;
 }
 
diff --git a/tests/session/session_recursive_crash.phpt b/tests/session/session_recursive_crash.phpt
new file mode 100644
index 0000000..62cb9cd
--- /dev/null
+++ b/tests/session/session_recursive_crash.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session SessionHandler() recursive crash
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+HTTP_USER_AGENT=test
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=On
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+session_set_save_handler(new SessionHandler(), true);
+$_SESSION['a'] = 'b';
+var_dump($_SESSION);
+--EXPECTF--
+array(1) {
+  ["a"]=>
+  string(1) "b"
+}