Date: Tue, 20 Feb 2007 23:12:21 +0300 (MSK) From: Alexander Zhuravlev <zaa@zaa.pp.ru> To: FreeBSD-gnats-submit@FreeBSD.org Cc: ale@FreeBSD.org Subject: ports/109372: [PATCH] for www/php4-session which fixes php 4.4.5 segfault when register_globals=on Message-ID: <20070220201221.137AF1B47@orion.ulstu.ru> Resent-Message-ID: <200702202050.l1KKoELW085545@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 109372
>Category: ports
>Synopsis: [PATCH] for www/php4-session which fixes php 4.4.5 segfault when register_globals=on
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 20 20:50:14 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Alexander Zhuravlev
>Release: FreeBSD 4.11-STABLE i386
>Organization:
>Environment:
System: FreeBSD orion.ulstu.ru 4.11-STABLE FreeBSD 4.11-STABLE #30: Tue Dec 12 15:18:35 MSK 2006 root@orion.ulstu.ru:/usr/obj/usr/src/sys/ORION i386
>Description:
The patch fixes php bug #40505.
PHP 4.4.5 has a bug in sessions handling which leads to segfaults when register_globals option is enabled.
Attached patch bumps php4-session revision and applies the patch.
>How-To-Repeat:
>Fix:
--- php4-session.patch begins here ---
diff -urbBN php4-session.orig/Makefile php4-session/Makefile
--- php4-session.orig/Makefile Mon Jul 19 12:41:18 2004
+++ php4-session/Makefile Tue Feb 20 22:48:41 2007
@@ -5,6 +5,8 @@
# $FreeBSD: ports/www/php4-session/Makefile,v 1.1 2004/07/19 08:41:18 ale Exp $
#
+PORTREVISION=1
+
CATEGORIES= www
MASTERDIR= ${.CURDIR}/../../lang/php4
diff -urbBN php4-session.orig/files/patch-session_segfault.diff php4-session/files/patch-session_segfault.diff
--- php4-session.orig/files/patch-session_segfault.diff Thu Jan 1 03:00:00 1970
+++ php4-session/files/patch-session_segfault.diff Tue Feb 20 22:37:03 2007
@@ -0,0 +1,43 @@
+Index: ext/session/session.c
+--- session.c 2007/01/09 15:31:36 1.336.2.53.2.13
++++ session.c 2007/02/15 09:41:30 1.336.2.53.2.14
+@@ -17,7 +17,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: session.c,v 1.336.2.53.2.13 2007/01/09 15:31:36 iliaa Exp $ */
++/* $Id: session.c,v 1.336.2.53.2.14 2007/02/15 09:41:30 tony2001 Exp $ */
+
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+@@ -271,8 +271,12 @@
+ {
+ zval **sym_track = NULL;
+
+- zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1,
+- (void *) &sym_track);
++ IF_SESSION_VARS() {
++ zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1,
++ (void *) &sym_track);
++ } else {
++ return;
++ }
+
+ /*
+ * Set up a proper reference between $_SESSION["x"] and $x.
+@@ -281,11 +285,10 @@
+ if (PG(register_globals)) {
+ zval **sym_global = NULL;
+
+- zend_hash_find(&EG(symbol_table), name, namelen + 1,
+- (void *) &sym_global);
+-
+- if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
+- return;
++ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) {
++ if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
++ return;
++ }
+ }
+
+ if (sym_global == NULL && sym_track == NULL) {
--- php4-session.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070220201221.137AF1B47>