Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 485db46

Browse files
yatsukhnenkoyatsukhnenko
committed
Issue #88
Disallow using empty string as session name.
1 parent 4b8336f commit 485db46

1 file changed

Lines changed: 29 additions & 31 deletions

File tree

redis_session.c

Lines changed: 29 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -337,24 +337,25 @@ PS_READ_FUNC(redis)
337337
{
338338
char *resp, *cmd;
339339
int resp_len, cmd_len;
340-
341-
redis_pool *pool = PS_GET_MOD_DATA();
342340
#if (PHP_MAJOR_VERSION < 7)
343-
redis_pool_member *rpm = redis_pool_get_sock(pool, key TSRMLS_CC);
341+
const char *skey = key;
342+
size_t skeylen = strlen(key);
344343
#else
345-
redis_pool_member *rpm = redis_pool_get_sock(pool, ZSTR_VAL(key) TSRMLS_CC);
344+
const char *skey = ZSTR_VAL(key);
345+
size_t skeylen = ZSTR_LEN(key);
346346
#endif
347+
348+
if (!skeylen) return FAILURE;
349+
350+
redis_pool *pool = PS_GET_MOD_DATA();
351+
redis_pool_member *rpm = redis_pool_get_sock(pool, skey TSRMLS_CC);
347352
RedisSock *redis_sock = rpm?rpm->redis_sock:NULL;
348353
if(!rpm || !redis_sock){
349354
return FAILURE;
350355
}
351356

352357
/* send GET command */
353-
#if (PHP_MAJOR_VERSION < 7)
354-
resp = redis_session_key(rpm, key, strlen(key), &resp_len);
355-
#else
356-
resp = redis_session_key(rpm, ZSTR_VAL(key), ZSTR_LEN(key), &resp_len);
357-
#endif
358+
resp = redis_session_key(rpm, skey, skeylen, &resp_len);
358359
cmd_len = REDIS_SPPRINTF(&cmd, "GET", "s", resp, resp_len);
359360

360361
efree(resp);
@@ -397,29 +398,27 @@ PS_WRITE_FUNC(redis)
397398
{
398399
char *cmd, *response, *session;
399400
int cmd_len, response_len, session_len;
400-
401-
redis_pool *pool = PS_GET_MOD_DATA();
402401
#if (PHP_MAJOR_VERSION < 7)
403-
redis_pool_member *rpm = redis_pool_get_sock(pool, key TSRMLS_CC);
402+
const char *skey = key, *sval = val;
403+
size_t skeylen = strlen(key), svallen = vallen;
404404
#else
405-
redis_pool_member *rpm = redis_pool_get_sock(pool, ZSTR_VAL(key) TSRMLS_CC);
405+
const char *skey = ZSTR_VAL(key), *sval = ZSTR_VAL(val);
406+
size_t skeylen = ZSTR_LEN(key), svallen = ZSTR_LEN(val);
406407
#endif
408+
409+
if (!skeylen) return FAILURE;
410+
411+
redis_pool *pool = PS_GET_MOD_DATA();
412+
redis_pool_member *rpm = redis_pool_get_sock(pool, skey TSRMLS_CC);
407413
RedisSock *redis_sock = rpm?rpm->redis_sock:NULL;
408414
if(!rpm || !redis_sock){
409415
return FAILURE;
410416
}
411417

412418
/* send SET command */
413-
#if (PHP_MAJOR_VERSION < 7)
414-
session = redis_session_key(rpm, key, strlen(key), &session_len);
415-
cmd_len = REDIS_SPPRINTF(&cmd, "SETEX", "sds", session, session_len,
416-
INI_INT("session.gc_maxlifetime"), val, vallen);
417-
#else
418-
session = redis_session_key(rpm, ZSTR_VAL(key), ZSTR_LEN(key), &session_len);
419+
session = redis_session_key(rpm, skey, skeylen, &session_len);
419420
cmd_len = REDIS_SPPRINTF(&cmd, "SETEX", "sds", session, session_len,
420-
INI_INT("session.gc_maxlifetime"),
421-
ZSTR_VAL(val), ZSTR_LEN(val));
422-
#endif
421+
INI_INT("session.gc_maxlifetime"), sval, svallen);
423422
efree(session);
424423
if(redis_sock_write(redis_sock, cmd, cmd_len TSRMLS_CC) < 0) {
425424
efree(cmd);
@@ -448,24 +447,23 @@ PS_DESTROY_FUNC(redis)
448447
{
449448
char *cmd, *response, *session;
450449
int cmd_len, response_len, session_len;
451-
452-
redis_pool *pool = PS_GET_MOD_DATA();
453450
#if (PHP_MAJOR_VERSION < 7)
454-
redis_pool_member *rpm = redis_pool_get_sock(pool, key TSRMLS_CC);
451+
const char *skey = key;
452+
size_t skeylen = strlen(key);
455453
#else
456-
redis_pool_member *rpm = redis_pool_get_sock(pool, ZSTR_VAL(key) TSRMLS_CC);
454+
const char *skey = ZSTR_VAL(key);
455+
size_t skeylen = ZSTR_LEN(key);
457456
#endif
457+
458+
redis_pool *pool = PS_GET_MOD_DATA();
459+
redis_pool_member *rpm = redis_pool_get_sock(pool, skey TSRMLS_CC);
458460
RedisSock *redis_sock = rpm?rpm->redis_sock:NULL;
459461
if(!rpm || !redis_sock){
460462
return FAILURE;
461463
}
462464

463465
/* send DEL command */
464-
#if (PHP_MAJOR_VERSION < 7)
465-
session = redis_session_key(rpm, key, strlen(key), &session_len);
466-
#else
467-
session = redis_session_key(rpm, ZSTR_VAL(key), ZSTR_LEN(key), &session_len);
468-
#endif
466+
session = redis_session_key(rpm, skey, skeylen, &session_len);
469467
cmd_len = REDIS_SPPRINTF(&cmd, "DEL", "s", session, session_len);
470468
efree(session);
471469
if(redis_sock_write(redis_sock, cmd, cmd_len TSRMLS_CC) < 0) {

0 commit comments

Comments
 (0)