Fix #79413: session_create_id() fails for active sessions

cmb69 · cmb69 · commit b510250b8ebe · 2020-03-31T08:38:23.000+02:00
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session already exists.
So to detect a collision, we have to check for `SUCCESS`, not
`FAILURE`.

We also fix the wrong condition in session_regenerate_id() as well.
diff --git a/NEWS b/NEWS
@@ -20,6 +20,9 @@ PHP                                                                        NEWS
   . Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
     (Dmitry)
 
+- Session:
+  . Fixed bug #79413 (session_create_id() fails for active sessions). (cmb)
+
 - Shmop:
   . Fixed bug #79427 (Integer Overflow in shmop_open()). (cmb)
 
diff --git a/ext/session/session.c b/ext/session/session.c
@@ -2223,7 +2223,7 @@ static PHP_FUNCTION(session_regenerate_id)
 		RETURN_FALSE;
 	}
 	if (PS(use_strict_mode) && PS(mod)->s_validate_sid &&
-		PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == FAILURE) {
+		PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == SUCCESS) {
 		zend_string_release_ex(PS(id), 0);
 		PS(id) = PS(mod)->s_create_sid(&PS(mod_data));
 		if (!PS(id)) {
@@ -2285,7 +2285,7 @@ static PHP_FUNCTION(session_create_id)
 				break;
 			} else {
 				/* Detect collision and retry */
-				if (PS(mod)->s_validate_sid(&PS(mod_data), new_id) == FAILURE) {
+				if (PS(mod)->s_validate_sid(&PS(mod_data), new_id) == SUCCESS) {
 					zend_string_release_ex(new_id, 0);
                     new_id = NULL;
 					continue;
diff --git a/ext/session/tests/bug79091.phpt b/ext/session/tests/bug79091.phpt
@@ -50,7 +50,7 @@ class MySessionHandler implements SessionHandlerInterface, SessionIdInterface, S
 
     public function validateId($key)
     {
-        return false;
+        return true;
     }
 }
 
diff --git a/ext/session/tests/bug79413.phpt b/ext/session/tests/bug79413.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #79413 (session_create_id() fails for active sessions)
+--SKIPIF--
+<?php
+if (!extension_loaded('session')) die('skip session extension not available');
+?>
+--FILE--
+<?php
+session_start();
+$old = session_id();
+$new = session_create_id();
+var_dump($new !== $old);
+?>
+--EXPECT--
+bool(true)

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ class MySessionHandler implements SessionHandlerInterface, SessionIdInterface, S`
`50`	`50`
`51`	`51`	`public function validateId($key)`
`52`	`52`	`{`
`53`		`- return false;`
	`53`	`+ return true;`
`54`	`54`	`}`
`55`	`55`	`}`
`56`	`56`