Permalink
Browse files

Strict session. Detect session id collision

  • Loading branch information...
1 parent 25e8fcc commit 82b0e8be99065b61b622df21bbc7494d2fbca3cd Yasuo Ohgaki committed with smalyshev Jun 25, 2013
Showing with 28 additions and 2 deletions.
  1. +14 −1 ext/session/mod_files.c
  2. +14 −1 ext/session/mod_mm.c
View
@@ -459,9 +459,22 @@ PS_GC_FUNC(files)
PS_CREATE_SID_FUNC(files)
{
char *sid;
+ int maxfail = 3;
PS_FILES_DATA;
- sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+ do {
+ sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+ /* Check collision */
+ if (ps_files_key_exists(data, sid TSRMLS_CC) == SUCCESS) {
+ if (sid) {
+ efree(sid);
+ sid = NULL;
+ }
+ if (!(maxfail--)) {
+ return NULL;
+ }
+ }
+ } while(!sid);
return sid;
}
View
@@ -479,9 +479,22 @@ PS_GC_FUNC(mm)
PS_CREATE_SID_FUNC(mm)
{
char *sid;
+ int maxfail = 3;
PS_MM_DATA;
- sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+ do {
+ sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+ /* Check collision */
+ if (ps_mm_key_exists(data, sid TSRMLS_CC) == SUCCESS) {
+ if (sid) {
+ efree(sid);
+ sid = NULL;
+ }
+ if (!(maxfail--)) {
+ return NULL;
+ }
+ }
+ } while(!sid);
return sid;
}

0 comments on commit 82b0e8b

Please sign in to comment.