Fix GH-16290: session cookie_lifetime ini value overflow.

Author: devnexen

ext/session/session.c

@@ -693,9 +693,18 @@ static PHP_INI_MH(OnUpdateCookieLifetime) /* {{{ */
 {
 	SESSION_CHECK_ACTIVE_STATE;
 	SESSION_CHECK_OUTPUT_STATE;
-	if (atol(ZSTR_VAL(new_value)) < 0) {
+
+#ifdef ZEND_ENABLE_ZVAL_LONG64
+	const zend_long maxcookie = ZEND_LONG_MAX - INT_MAX - 1;
+#else
+	const zend_long maxcookie = ZEND_LONG_MAX / 2 - 1;
+#endif
+	zend_long v = (zend_long)atol(ZSTR_VAL(new_value));
+	if (v < 0) {
 		php_error_docref(NULL, E_WARNING, "CookieLifetime cannot be negative");
 		return FAILURE;
+	} else if (v > maxcookie) {
+		return SUCCESS;
 	}
 	return OnUpdateLongGEZero(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
 }

ext/session/tests/gh16290.phpt

@@ -0,0 +1,13 @@
+--TEST--
+GH-16290 (overflow on session cookie_lifetime ini)
+--EXTENSIONS--
+session
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+session_set_cookie_params(PHP_INT_MAX, '/', null, false, true);
+echo "DONE";
+?>
+--EXPECT--
+DONE

ext/session/tests/session_set_cookie_params_variation8.phpt

@@ -25,7 +25,7 @@ bool(true)
 string(1) "0"
 string(1) "0"
 
-Warning: session_set_cookie_params(): CookieLifetime cannot be negative in %s on line %d
+Warning: session_set_cookie_params(): CookieLifetime must be between %d and %d in %s on line %d
 bool(false)
 string(1) "0"
 Done