Fixed Bug #68015 Session does not report invalid uid for files save handler

Yasuo Ohgaki · Yasuo Ohgaki · commit 38553e853b65 · 2016-09-09T11:31:54.000+09:00
diff --git a/NEWS b/NEWS
@@ -24,6 +24,10 @@ PHP                                                                        NEWS
   . Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
     (Keyur) (julien backport)
 
+- Session:
+  . Fixed bug #68015 (Session does not report invalid uid for files save handler).
+    (Yasuo)
+
 - Zip:
   . Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
     (cmb)
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
@@ -138,6 +138,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 		}
 
 		if (!ps_files_path_create(buf, sizeof(buf), data, key)) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session data file path. Too short session ID, invalid save_path or path lentgth exceeds MAXPATHLEN(%d)", MAXPATHLEN);
 			return;
 		}
 
@@ -147,7 +148,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 #ifdef O_NOFOLLOW
 		data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode);
 #else
-		/* Check to make sure that the opened file is not outside of allowable dirs. 
+		/* Check to make sure that the opened file is not outside of allowable dirs.
 		   This is not 100% safe but it's hard to do something better without O_NOFOLLOW */
 		if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
 			return;
@@ -162,6 +163,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 			if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) {
 				close(data->fd);
 				data->fd = -1;
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session data file is not created by your uid");
 				return;
 			}
 #endif
diff --git a/ext/session/tests/016.phpt b/ext/session/tests/016.phpt
@@ -22,5 +22,9 @@ session_write_close();
 print "I live\n";
 ?>
 --EXPECTF--
-Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (123;:/really%scompletely:::/invalid;;,23123;213) in %s on line %d
-I live
+Warning: session_start(): Failed to create session data file path. Too short session ID, invalid save_path or path lentgth exceeds MAXPATHLEN(%d) in %s on line 4
+
+Warning: session_write_close(): Failed to create session data file path. Too short session ID, invalid save_path or path lentgth exceeds MAXPATHLEN(%d) in %s on line 6
+
+Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (123;:/really\completely:::/invalid;;,23123;213) in %s on line 6
+I live
