Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability

# Discovered by Stefan Esser
2024-11-25 02:44:58 +08:00 · 2007-03-14 19:37:07 +00:00 · 2007-03-14 19:37:07 +00:00 · 7aab16c333
commit 7aab16c333
parent f9d54cbb75
1 changed files with 2 additions and 0 deletions
--- a/ext/session/session.c
+++ b/ext/session/session.c
@ -846,6 +846,7 @@ new_session:
 	} else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
 		PS(invalid_session_id) = 0;
 		efree(PS(id));
+		PS(id) = NULL;
 		goto new_session;
 	}
 }
@ -1575,6 +1576,7 @@ PHP_FUNCTION(session_regenerate_id)
 				RETURN_FALSE;
 			}
 			efree(PS(id));
+			PS(id) = NULL;
 		}
 	
 		PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);