8000 security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoS… · symfony/symfony@47e7268 · GitHub
[go: up one dir, main page]

Skip to content

Commit 47e7268

Browse files
committed
security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
* cve-2018-11386: [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
2 parents 84bba75 + 0cf874e commit 47e7268

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -494,6 +494,7 @@ private function doRead($sessionId)
494494
$selectSql = $this->getSelectSql();
495495
$selectStmt = $this->pdo->prepare($selectSql);
496496
$selectStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR);
497+
$insertStmt = null;
497498

498499
do {
499500
$selectStmt->execute();
@@ -509,6 +510,11 @@ private function doRead($sessionId)
509510
return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0];
510511
}
511512

513+
if (null !== $insertStmt) {
514+
$this->rollback();
515+
throw new \RuntimeException('Failed to read session: INSERT reported a duplicate id but next SELECT did not return any data.');
516+
}
517+
512518
if (self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) {
513519
// Exclusive-reading of non-existent rows does not block, so we need to do an insert to block
514520
// until other connections to the session are committed.

0 commit comments

Comments
 (0)
2A81
0