#25307 [Opn->Ver]: Crash when session.serialize_handler=wddx & session, post, get vars

[sniper@php.net]

ID: 25307
Updated by: [email]sniper@php.net[/email]
Reported By: cristea at pntcd dot ro
-Status: Open
+Status: Verified
Bug Type: Session related
Operating System: any
PHP Version: 4CVS-2003-08-29 (stable)
New Comment:

Happens only when wddx is the serializer and
register_globals is 'On'.

Backtrace as follows:

0x40567dfa in var_replace (var_hashx=0x0, ozval=0x8244114,
nzval=0x8236ef0) at var_unserializer.re:40
40 var_unserializer.re: No such file or directory.
(gdb) bt
#0 0x40567dfa in var_replace (var_hashx=0x0, ozval=0x8244114,
nzval=0x8236ef0) at var_unserializer.re:40
#1 0x404e727b in php_set_session_var (name=0x824429c "a", namelen=1,
state_val=0x8244114, var_hash=0x0)
at /usr/src/web/php/php4_3/ext/session/session.c:307
#2 0x405720e2 in ps_srlzr_decode_wddx (
val=0x824724c "<wddxPacket
version='1.0'><header/><data><struct><var
name='a'><string>test</string></var></struct></data></wddxPacket>",
vallen=119) at /usr/src/web/php/php4_3/ext/wddx/wddx.c:292
#3 0x404e7e5c in php_session_decode (
val=0x824724c "<wddxPacket
version='1.0'><header/><data><struct><var
name='a'><string>test</string></var></struct></data></wddxPacket>",
vallen=119) at /usr/src/web/php/php4_3/ext/session/session.c:523
#4 0x404e8254 in php_session_initialize () at
/usr/src/web/php/php4_3/ext/session/session.c:608
#5 0x404e9764 in php_session_start () at
/usr/src/web/php/php4_3/ext/session/session.c:1036
#6 0x404eb41b in zif_session_start (ht=0, return_value=0x8246ff4,
this_ptr=0x0, return_value_used=0)
at /usr/src/web/php/php4_3/ext/session/session.c:1475



Previous Comments:
------------------------------------------------------------------------

[2003-08-29 04:35:26] cristea at pntcd dot ro

Description:
------------
Apache will crash session.serialize_handler is set to wddx and when a
$_SESSION var have the same name as a $_POST (or $_GET) var.

Try this code:
File w1.php
-----------
<?php
ini_set('session.serialize_handler', 'wddx');
session_start();
$_SESSION['a'] = 'test';
echo <<< EOS
<form action="w2.php" method="post">
<input type="text" name="a" value="">
<input type="submit">
</form>
EOS;
?>

File w2.php
-----------
<?php
ini_set('session.serialize_handler', 'wddx');
session_start();
print_r($_SESSION);
echo "<hr>";
print_r($_POST);
?>



------------------------------------------------------------------------


--
Edit this bug report at [url]http://bugs.php.net/?id=25307&edit=1[/url]