diff --git a/ext/session/session.c b/ext/session/session.c index aa9883ab1df33..32de7c36d7813 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -2383,6 +2383,10 @@ PHP_FUNCTION(session_create_id) } if (prefix && ZSTR_LEN(prefix)) { + if (ZSTR_LEN(prefix) > PS_MAX_SID_LENGTH) { + zend_argument_value_error(1, "cannot be longer than %d characters", PS_MAX_SID_LENGTH); + RETURN_THROWS(); + } if (php_session_valid_key(ZSTR_VAL(prefix)) == FAILURE) { /* E_ERROR raised for security reason. */ php_error_docref(NULL, E_WARNING, "Prefix cannot contain special characters. Only the A-Z, a-z, 0-9, \"-\", and \",\" characters are allowed"); diff --git a/ext/session/tests/session_create_id_invalid_prefix.phpt b/ext/session/tests/session_create_id_invalid_prefix.phpt index 0a4e2c2d40013..7de7e8061f689 100644 --- a/ext/session/tests/session_create_id_invalid_prefix.phpt +++ b/ext/session/tests/session_create_id_invalid_prefix.phpt @@ -12,8 +12,18 @@ session var_dump(session_create_id('_')); var_dump(session_create_id('%')); -var_dump(session_create_id("AB\0CD")); +try { + var_dump(session_create_id('ABTgdPs68S3M4HMaqKwj33TzqLMv5PHpWQxJbfpeogEhrJRY7o9f33pKLCmhf0tXCtoBkIu0yxXYCSHfJhPd2miPUW4MIpd91dnEiOwWDfaBnfdJZOwgvgmYLSfDGaebqmnCAoyuzlcq2j59nNRhccgJIkr9ytY3RwFTTXszpcjpx6mlJuG9GksKAhPsnnaEwSEb0eFyqvn80gYI2roKSjaFSmJxg0xgXuCF4csMo8DxiSvovho5QTKx5u7h8VyQL')); +} catch (Throwable $e) { + echo $e::class . ': ' . $e->getMessage() . "\n"; +} + +try { + var_dump(session_create_id("AB\0CD")); +} catch (Throwable $e) { + echo $e::class . ': ' . $e->getMessage() . "\n"; +} ?> Done @@ -23,9 +33,6 @@ bool(false) Warning: session_create_id(): Prefix cannot contain special characters. Only the A-Z, a-z, 0-9, "-", and "," characters are allowed in %s on line %d bool(false) - -Fatal error: Uncaught ValueError: session_create_id(): Argument #1 ($prefix) must not contain any null bytes in %s:%d -Stack trace: -#0 %s(5): session_create_id('AB\x00CD') -#1 {main} - thrown in %s +ValueError: session_create_id(): Argument #1 ($prefix) cannot be longer than 256 characters +ValueError: session_create_id(): Argument #1 ($prefix) must not contain any null bytes +Done