Fix zend_string leak on case-variant duplicate setcookie() options#22309
Open
iliaal wants to merge 1 commit into
Open
Fix zend_string leak on case-variant duplicate setcookie() options#22309iliaal wants to merge 1 commit into
iliaal wants to merge 1 commit into
Conversation
php_head_parse_cookie_options_array() matches option keys case insensitively, but array keys are case sensitive, so a duplicate differing only in case (e.g. "path" and "Path") overwrote the previously fetched path/domain/samesite string without releasing it. Release any value already stored before fetching the next one.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
php_head_parse_cookie_options_array() matches option keys case insensitively, but array keys are case sensitive, so an option given twice differing only in case ('path' and 'Path') fetched the second string over the first without releasing it, leaking a zend_string per call. Release any value already stored before fetching the next one.