ext/session refactoring: INI settings #16419
Conversation
ext/session/session.c
Outdated
| return false; | ||
| } | ||
| /* Prevent broken Set-Cookie header, because the session_name might be user supplied */ | ||
| if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */ |
There was a problem hiding this comment.
I know this is an existing issue but \013 is a vertical tab (\v) and \014 is a form feed (\f) which would probably be clearer than needed to look up some documentation
| // TODO Use zend_string_cmp API? | ||
| if (!strcasecmp(lim->name, ZSTR_VAL(PS(cache_limiter)))) { |
There was a problem hiding this comment.
Annoyingly we don't have a zend_string_equals_cstr_ci() API.
| spprintf(&session_cookie, 0, "Set-Cookie: %s=", ZSTR_VAL(PS(session_name))); | ||
|
|
||
| // TODO Manually compute from known information? | ||
| session_cookie_len = strlen(session_cookie); |
There was a problem hiding this comment.
Maybe using the strpprintf API to generate a zend_string is better here?
@Girgias This is because the strings are persistent, but don't have GC_PERSISTENT_LOCAL set. If you're on a multithreaded SAPI/ZTS, then sharing the same non-interned persistent strings can cause race conditions when changing the refcounts. If GC_PERSISTENT_LOCAL is set this check is skipped because you're saying to the engine that these strings are local to the current thread, and thus the reference counts cannot be racy. (Make sure you only do this if you're certain that these strings are not shared across threads). In this particular case, the strings come from INI settings, and I haven't checked if they are local to the current thread, but my gut feeling says they're shared across threads. |
Hum, I suppose the default value of the INI setting might be shared across threads, but I don't know about overwritten values 🤔 |
jorgsowa
force-pushed
the
session-ext-improvements
branch
from
db5e63a to
07dbb54
Compare
However, the code is somewhat disgusting as I'm hitting Zend/zend_types.h:1222: zend_gc_delref: Assertion (zval_gc_flags((p)->u.type_info) & ((1<<7)|(1<<8))) != (1<<7) failed. Failures that I don't understand.
Also fixed a bug where nul bytes where not properly checked
Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>
jorgsowa
force-pushed
the
session-ext-improvements
branch
from
07dbb54 to
d5de6ed
Compare
|
I fixed failing tests on ZTS by changing I'm not quite sure why it was failing though. Anyways, now everything seems to pass. |
| if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\v\f") != NULL) { /* man isspace for \v and \f */ | ||
| if (diagnostic_type) { | ||
| php_error_docref(NULL, diagnostic_type, "session.name \"%s\" must not contain any of the following " | ||
| "'=,; \\t\\r\\n\\v\\f'", ZSTR_VAL(name)); | ||
| } | ||
| return false; |
There was a problem hiding this comment.
| if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\v\f") != NULL) { /* man isspace for \v and \f */ | |
| if (diagnostic_type) { | |
| php_error_docref(NULL, diagnostic_type, "session.name \"%s\" must not contain any of the following " | |
| "'=,; \\t\\r\\n\\v\\f'", ZSTR_VAL(name)); | |
| } | |
| return false; | |
| if (strpbrk(ZSTR_VAL(name), SESSION_FORBIDDEN_CHARS) != NULL) { /* man isspace for \v and \f */ | |
| if (diagnostic_type) { | |
| php_error_docref(NULL, diagnostic_type, "session.name \"%s\" must not contain any of the following \"" | |
| SESSION_FORBIDDEN_CHARS "\"", ZSTR_VAL(name)); | |
| } | |
| return false; |
Rebase of PR: #9322