From c54d1f40594b6bc592dc22e55b7683b2ec9ec8c9 Mon Sep 17 00:00:00 2001
From: Stefan
Date: Fri, 5 Mar 2010 23:47:10 +0100
Subject: Fix the session serializer protection

---
 session.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/session.c b/session.c
index db1e97a..64b4822 100644
--- a/session.c
+++ b/session.c
@@ -30,8 +30,14 @@
 #include "php_ini.h"
 #include "php_suhosin.h"
 #include "ext/standard/base64.h"
+#include "ext/standard/php_smart_str.h"
+#include "ext/standard/php_var.h"
 #include "sha256.h"
 
+#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
+# include "ext/hash/php_hash.h"
+#endif
+
 #define PS_OPEN_ARGS void **mod_data, const char *save_path, const char *session_name TSRMLS_DC
 #define PS_CLOSE_ARGS void **mod_data TSRMLS_DC
 #define PS_READ_ARGS void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC
@@ -253,7 +259,7 @@ static php_ps_globals_43_44 *session_globals = NULL;
 #define SESSION_G(v) (session_globals->v)
 #endif
 
-ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC);
+ps_serializer *(*suhosin_find_ps_serializer)(char *name TSRMLS_DC) = NULL;
 
 #define PS_ENCODE_VARS 											\
 	char *key;													\
@@ -853,8 +859,8 @@ void suhosin_hook_session(TSRMLS_D)
 	
         /* Protect the PHP serializer from ! attacks */
 # if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2)
-        serializer = _php_find_ps_serialize("php" TSRMLS_CC);
-        if (serializer != NULL) {
+        serializer = SESSION_G(serializer);
+        if (serializer != NULL && strcmp(serializer->name, "php")==0) {
                 serializer->encode = suhosin_session_encode;
         }
 #endif
-- 
cgit v1.3