Fixed crash when save_path is invalid.

Yasuo Ohgaki · Yasuo Ohgaki · commit 4c6e58ac597b · 2002-02-03T03:17:35.000Z
Fixed crash when user save handler is incorrectly used.
Fixed crash when session read failed.
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
@@ -123,7 +123,7 @@ static void ps_files_close(ps_files *data)
 	}
 }
 
-static void ps_files_open(ps_files *data, const char *key)
+static int ps_files_open(ps_files *data, const char *key)
 {
 	char buf[MAXPATHLEN];
 	TSRMLS_FETCH();
@@ -138,7 +138,7 @@ static void ps_files_open(ps_files *data, const char *key)
 		
 		if (!ps_files_valid_key(key) || 
 				!ps_files_path_create(buf, sizeof(buf), data, key))
-			return;
+			return FAILURE;
 		
 		data->lastkey = estrdup(key);
 		
@@ -153,10 +153,13 @@ static void ps_files_open(ps_files *data, const char *key)
 		if (data->fd != -1) 
 			flock(data->fd, LOCK_EX);
 
-		if (data->fd == -1)
+		if (data->fd == -1) {
 			php_error(E_WARNING, "open(%s, O_RDWR) failed: %s (%d)", buf, 
 					strerror(errno), errno);
+			return FAILURE;
+		}
 	}
+	return SUCCESS;
 }
 
 static int ps_files_cleanup_dir(const char *dirname, int maxlifetime)
@@ -254,7 +257,9 @@ PS_READ_FUNC(files)
 	struct stat sbuf;
 	PS_FILES_DATA;
 
-	ps_files_open(data, key);
+	if (ps_files_open(data, key) == FAILURE)
+		return FAILURE;
+	
 	if (data->fd < 0)
 		return FAILURE;
 	
@@ -283,7 +288,9 @@ PS_WRITE_FUNC(files)
 	long n;
 	PS_FILES_DATA;
 
-	ps_files_open(data, key);
+	if (ps_files_open(data, key) == FAILURE)
+		return FAILURE;
+
 	if (data->fd < 0)
 		return FAILURE;
 
diff --git a/ext/session/session.c b/ext/session/session.c
@@ -543,19 +543,21 @@ static char *_php_create_id(int *newlen TSRMLS_DC)
 	return estrdup(buf);
 }
 
-static void php_session_initialize(TSRMLS_D)
+static int php_session_initialize(TSRMLS_D)
 {
 	char *val;
 	int vallen;
 	
 	if (PS(mod)->open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE) {
 		php_error(E_ERROR, "Failed to initialize session module");
-		return;
+		return FAILURE;
 	}
-	if (PS(mod)->read(&PS(mod_data), PS(id), &val, &vallen) == SUCCESS) {
-		php_session_decode(val, vallen TSRMLS_CC);
-		efree(val);
+	if (PS(mod)->read(&PS(mod_data), PS(id), &val, &vallen) == FAILURE) {
+		return FAILURE;
 	}
+	php_session_decode(val, vallen TSRMLS_CC);
+	efree(val);
+	return SUCCESS;
 }
 
 
@@ -946,11 +948,10 @@ static void php_session_start(TSRMLS_D)
 	}
 
 	php_session_cache_limiter(TSRMLS_C);
-	php_session_initialize(TSRMLS_C);
-
-	if (PS(mod_data) && PS(gc_probability) > 0) {
+	if (php_session_initialize(TSRMLS_C) == SUCCESS && 
+		PS(mod_data) && PS(gc_probability) > 0) {
 		int nrdels = -1;
-
+		
 		nrand = (int) (100.0*php_combined_lcg(TSRMLS_C));
 		if (nrand < PS(gc_probability)) {
 			PS(mod)->gc(&PS(mod_data), PS(gc_maxlifetime), &nrdels);
@@ -962,6 +963,7 @@ static void php_session_start(TSRMLS_D)
 	}
 }
 
+
 static zend_bool php_session_destroy(TSRMLS_D)
 {
 	zend_bool retval = SUCCESS;

Original file line number	Diff line number	Diff line change
`@@ -543,19 +543,21 @@ static char _php_create_id(int newlen TSRMLS_DC)`
`543`	`543`	`return estrdup(buf);`
`544`	`544`	`}`
`545`	`545`
`546`		`-static void php_session_initialize(TSRMLS_D)`
	`546`	`+static int php_session_initialize(TSRMLS_D)`
`547`	`547`	`{`
`548`	`548`	`char *val;`
`549`	`549`	`int vallen;`
`550`	`550`
`551`	`551`	`if (PS(mod)->open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE) {`
`552`	`552`	`php_error(E_ERROR, "Failed to initialize session module");`
`553`		`- return;`
	`553`	`+ return FAILURE;`
`554`	`554`	`}`
`555`		`- if (PS(mod)->read(&PS(mod_data), PS(id), &val, &vallen) == SUCCESS) {`
`556`		`- php_session_decode(val, vallen TSRMLS_CC);`
`557`		`- efree(val);`
	`555`	`+ if (PS(mod)->read(&PS(mod_data), PS(id), &val, &vallen) == FAILURE) {`
	`556`	`+ return FAILURE;`
`558`	`557`	`}`
	`558`	`+ php_session_decode(val, vallen TSRMLS_CC);`
	`559`	`+ efree(val);`
	`560`	`+ return SUCCESS;`
`559`	`561`	`}`
`560`	`562`
`561`	`563`
`@@ -946,11 +948,10 @@ static void php_session_start(TSRMLS_D)`
`946`	`948`	`}`
`947`	`949`
`948`	`950`	`php_session_cache_limiter(TSRMLS_C);`
`949`		`- php_session_initialize(TSRMLS_C);`
`950`		`-`
`951`		`- if (PS(mod_data) && PS(gc_probability) > 0) {`
	`951`	`+ if (php_session_initialize(TSRMLS_C) == SUCCESS &&`
	`952`	`+ PS(mod_data) && PS(gc_probability) > 0) {`
`952`	`953`	`int nrdels = -1;`
`953`		`-`
	`954`	`+`
`954`	`955`	`nrand = (int) (100.0*php_combined_lcg(TSRMLS_C));`
`955`	`956`	`if (nrand < PS(gc_probability)) {`
`956`	`957`	`PS(mod)->gc(&PS(mod_data), PS(gc_maxlifetime), &nrdels);`
`@@ -962,6 +963,7 @@ static void php_session_start(TSRMLS_D)`
`962`	`963`	`}`
`963`	`964`	`}`
`964`	`965`
	`966`	`+`
`965`	`967`	`static zend_bool php_session_destroy(TSRMLS_D)`
`966`	`968`	`{`
`967`	`969`	`zend_bool retval = SUCCESS;`