Permalink
Browse files

security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoS…

…essionHandler when MySQL is in loose mode

* cve-2018-11386:
  [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
  • Loading branch information...
fabpot committed May 23, 2018
2 parents 84bba75 + 0cf874e commit 47e72683c648c9c79b81635e0a3e43d13ed3f5cf
@@ -494,6 +494,7 @@ private function doRead($sessionId)
$selectSql = $this->getSelectSql();
$selectStmt = $this->pdo->prepare($selectSql);
$selectStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR);
$insertStmt = null;
do {
$selectStmt->execute();
@@ -509,6 +510,11 @@ private function doRead($sessionId)
return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0];
}
if (null !== $insertStmt) {
$this->rollback();
throw new \RuntimeException('Failed to read session: INSERT reported a duplicate id but next SELECT did not return any data.');
}
if (self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) {
// Exclusive-reading of non-existent rows does not block, so we need to do an insert to block
// until other connections to the session are committed.

0 comments on commit 47e7268

Please sign in to comment.