Fix type confusion with session SID constant

Closes GH-17548.
php · Jan 23, 2025 · 2a2cc2c · 2a2cc2c
1 parent 0b3e637
commit 2a2cc2c
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 2 deletions.
diff --git a/NEWS b/NEWS
@@ -48,6 +48,9 @@ PHP                                                                        NEWS
 - PHPDBG:
   . Fix crashes in function registration + test. (nielsdos, Girgias)
 
+- Session:
+  . Fix type confusion with session SID constant. (nielsdos)
+
 - SimpleXML:
   . Fixed bug GH-17409 (Assertion failure Zend/zend_hash.c:1730). (nielsdos)
 

diff --git a/ext/session/session.c b/ext/session/session.c
@@ -1479,15 +1479,15 @@ PHPAPI zend_result php_session_reset_id(void) /* {{{ */
 		smart_str_appends(&var, ZSTR_VAL(PS(id)));
 		smart_str_0(&var);
 		if (sid) {
-			zval_ptr_dtor_str(sid);
+			zval_ptr_dtor(sid);
 			ZVAL_STR(sid, smart_str_extract(&var));
 		} else {
 			REGISTER_STRINGL_CONSTANT("SID", ZSTR_VAL(var.s), ZSTR_LEN(var.s), 0);
 			smart_str_free(&var);
 		}
 	} else {
 		if (sid) {
-			zval_ptr_dtor_str(sid);
+			zval_ptr_dtor(sid);
 			ZVAL_EMPTY_STRING(sid);
 		} else {
 			REGISTER_STRINGL_CONSTANT("SID", "", 0, 0);

diff --git a/ext/session/tests/SID_type_confusion.phpt b/ext/session/tests/SID_type_confusion.phpt
@@ -0,0 +1,19 @@
+--TEST--
+SID constant type confusion
+--EXTENSIONS--
+session
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.use_cookies=0
+session.use_only_cookies=1
+--FILE--
+<?php
+
+define('SID', [0xdeadbeef]);
+session_start();
+var_dump(SID);
+
+?>
+--EXPECT--
+string(0) ""