diff --git a/ext/session/session.c b/ext/session/session.c index 7b91dc5fd7e..0a9cc13acf9 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -284,7 +284,7 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ unsigned char *digest; int digest_len; int j; - char *buf; + char *buf, *outid; struct timeval tv; zval **array; zval **token; @@ -332,6 +332,7 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ efree(buf); return NULL; } + efree(buf); if (PS(entropy_length) > 0) { int fd; @@ -388,19 +389,15 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The ini setting hash_bits_per_character is out of range (should be 4, 5, or 6) - using 4 for now"); } - if (PS_ID_INITIAL_SIZE < ((digest_len + 2) * (8 / PS(hash_bits_per_character))) ) { - /* 100 bytes is enough for most, but not all hash algos */ - buf = erealloc(buf, (digest_len + 2) * (8 / PS(hash_bits_per_character)) ); - } - - j = (int) (bin_to_readable((char *)digest, digest_len, buf, PS(hash_bits_per_character)) - buf); + outid = emalloc((digest_len + 2) * ((8.0f / PS(hash_bits_per_character)) + 0.5)); + j = (int) (bin_to_readable((char *)digest, digest_len, outid, PS(hash_bits_per_character)) - outid); efree(digest); if (newlen) { *newlen = j; } - return buf; + return outid; } /* }}} */ diff --git a/ext/session/tests/031.phpt b/ext/session/tests/031.phpt new file mode 100644 index 00000000000..e8deb3dac5d --- /dev/null +++ b/ext/session/tests/031.phpt @@ -0,0 +1,22 @@ +--TEST-- +setting hash_function to sha512 and hash_bits_per_character > 4 should not crash +--SKIPIF-- + +--INI-- +session.use_cookies=0 +session.cache_limiter= +session.serialize_handler=php +session.save_handler=files +session.hash_function=sha512 +session.hash_bits_per_character=5 +--FILE-- + +--EXPECT-- +I live