Fix GH-13856: Member access within null pointer of type 'ps_files' in ext/session/mod_files.c

We should not mark the session as opened when there was a failure in
open.

Closes GH-13858.

NEWS

@@ -20,6 +20,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).
     (nielsdos)
 
+- Session:
+  . Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in
+    ext/session/mod_files.c). (nielsdos)
+
 - Streams:
   . Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
     (Jakub Zelenka)

ext/session/mod_user_class.c

@@ -47,8 +47,6 @@ PHP_METHOD(SessionHandler, open)
 
 	PS_SANITY_CHECK;
 
-	PS(mod_user_is_open) = 1;
-
 	zend_try {
 		ret = PS(default_mod)->s_open(&PS(mod_data), save_path, session_name);
 	} zend_catch {
@@ -56,6 +54,10 @@ PHP_METHOD(SessionHandler, open)
 		zend_bailout();
 	} zend_end_try();
 
+	if (SUCCESS == ret) {
+		PS(mod_user_is_open) = 1;
+	}
+
 	RETURN_BOOL(SUCCESS == ret);
 }
 /* }}} */

ext/session/tests/gh13856.phpt

@@ -0,0 +1,19 @@
+--TEST--
+GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c)
+--EXTENSIONS--
+session
+--INI--
+session.save_handler=files
+open_basedir=.
+error_reporting=E_ALL
+--FILE--
+<?php
+session_set_save_handler(new \SessionHandler(), true);
+session_start();
+?>
+--EXPECTF--
+Warning: SessionHandler::open(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (.) in %s on line %d
+
+Warning: SessionHandler::close(): Parent session handler is not open in %s on line %d
+
+Warning: session_start(): Failed to initialize storage module: user (path: ) in %s on line %d