Skip to content

ValueError on null byte in session_name() #15286

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 11, 2024
Merged

ValueError on null byte in session_name() #15286

merged 3 commits into from
Aug 11, 2024

Conversation

@jorgsowa
Copy link
Contributor

@jorgsowa jorgsowa commented Aug 7, 2024

Prevents setting session name with null byte through the session_name() function.

@jorgsowa jorgsowa requested a review from Girgias as a code owner August 7, 2024 23:00
@jorgsowa jorgsowa marked this pull request as draft August 8, 2024 07:54
Girgias
Girgias reviewed Aug 8, 2024
View reviewed changes
Girgias
Girgias reviewed Aug 8, 2024
View reviewed changes
@cmb69
Copy link
Member

cmb69 commented Aug 10, 2024

Can't we just apply the following patch instead:

 ext/session/session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/session/session.c b/ext/session/session.c
index f3296e37f2..c69409fdb4 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1865,7 +1865,7 @@ PHP_FUNCTION(session_name)
 	zend_string *name = NULL;
 	zend_string *ini_name;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "|S!", &name) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "|P!", &name) == FAILURE) {
 		RETURN_THROWS();
 	}

@jorgsowa
Copy link
Contributor Author

Thanks for the comment. I limited only to flag P of session_name()'s input.

@jorgsowa jorgsowa marked this pull request as ready for review August 10, 2024 23:09
Girgias
Girgias approved these changes Aug 10, 2024
View reviewed changes
Copy link
Member

@Girgias Girgias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with minor nit

@Girgias Girgias merged commit 6bf7b72 into php:master Aug 11, 2024
@Girgias
Copy link
Member

Girgias commented Aug 11, 2024

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Girgias Girgias Girgias approved these changes

Assignees

No one assigned

Labels

Extension: session

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jorgsowa @cmb69 @Girgias