ports/109372: [PATCH] for www/php4-session which fixes php 4.4.5 segfault when register_globals=on

Tue Feb 20 20:50:15 UTC 2007

>Number:         109372
>Category:       ports
>Synopsis:       [PATCH] for www/php4-session which fixes php 4.4.5 segfault when register_globals=on
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 20 20:50:14 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Alexander Zhuravlev
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
>Environment:
System: FreeBSD orion.ulstu.ru 4.11-STABLE FreeBSD 4.11-STABLE #30: Tue Dec 12 15:18:35 MSK 2006 root at orion.ulstu.ru:/usr/obj/usr/src/sys/ORION i386


	
>Description:
	
	The patch fixes php bug #40505.
	PHP 4.4.5 has a bug in sessions handling which leads to segfaults when register_globals option is enabled.
	Attached patch bumps php4-session revision and applies the patch.


>How-To-Repeat:
	
>Fix:

--- php4-session.patch begins here ---
diff -urbBN php4-session.orig/Makefile php4-session/Makefile
--- php4-session.orig/Makefile	Mon Jul 19 12:41:18 2004
+++ php4-session/Makefile	Tue Feb 20 22:48:41 2007
@@ -5,6 +5,8 @@
 # $FreeBSD: ports/www/php4-session/Makefile,v 1.1 2004/07/19 08:41:18 ale Exp $
 #
 
+PORTREVISION=1
+
 CATEGORIES=	www
 
 MASTERDIR=	${.CURDIR}/../../lang/php4
diff -urbBN php4-session.orig/files/patch-session_segfault.diff php4-session/files/patch-session_segfault.diff
--- php4-session.orig/files/patch-session_segfault.diff	Thu Jan  1 03:00:00 1970
+++ php4-session/files/patch-session_segfault.diff	Tue Feb 20 22:37:03 2007
@@ -0,0 +1,43 @@
+Index: ext/session/session.c
+--- session.c	2007/01/09 15:31:36	1.336.2.53.2.13
++++ session.c	2007/02/15 09:41:30	1.336.2.53.2.14
+@@ -17,7 +17,7 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id: session.c,v 1.336.2.53.2.13 2007/01/09 15:31:36 iliaa Exp $ */
++/* $Id: session.c,v 1.336.2.53.2.14 2007/02/15 09:41:30 tony2001 Exp $ */
+ 
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+@@ -271,8 +271,12 @@
+ {
+ 	zval **sym_track = NULL;
+ 	
+-	zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1, 
+-			(void *) &sym_track);
++	IF_SESSION_VARS() {
++		zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1,
++				(void *) &sym_track);
++	} else {
++		return;
++	}
+ 
+ 	/*
+ 	 * Set up a proper reference between $_SESSION["x"] and $x.
+@@ -281,11 +285,10 @@
+ 	if (PG(register_globals)) {
+ 		zval **sym_global = NULL;
+ 		
+-		zend_hash_find(&EG(symbol_table), name, namelen + 1, 
+-				(void *) &sym_global);
+-				
+-		if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
+-			return;
++		if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) {
++			if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
++				return;
++			}
+ 		}
+ 
+ 		if (sym_global == NULL && sym_track == NULL) {
--- php4-session.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

