
[#12557] File based SessionHandler: Fix unlikely data corruption due to file creation race
Summary File based SessionHandler: Fix unlikely data corruption due to file creation race
Queue Horde Framework Packages
Queue Version Git master
Type Bug
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester thomas.jarosch (at) intra2net (dot) com
Created 08/10/2013 (4324 days ago)
Due
Updated 08/12/2013 (4322 days ago)
Assigned
Resolved 08/12/2013 (4322 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch Yes

History
08/12/2013 09:17:35 PM Michael Slusarz Comment #4
Assigned to Michael Slusarz
State ⇒ Resolved
Horde_SessionHandler 2.2.2.
08/12/2013 09:17:20 PM Git Commit Comment #3
Changes have been made in Git (master):

commit f779169adf0dd30413df3430130536f138abe227
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Mon Aug 12 15:15:53 2013 -0600

     [mms] Fix rare race condition when creating file-based session data for the first time (Thomas Jarosch <thomas.jarosch@intra2net.com>, Bug #12557).

  framework/SessionHandler/package.xml |    4 ++--
  1 files changed, 2 insertions(+), 2 deletions(-)

http://git.horde.org/horde-git/-/commit/f779169adf0dd30413df3430130536f138abe227
08/12/2013 09:17:13 PM Git Commit Comment #2
Changes have been made in Git (master):

commit 18ef62d7ac1a5397803137e2d1887850a80b33bf
Author: Thomas Jarosch <thomas.jarosch@intra2net.com>
Date:   Sat Aug 10 13:52:42 2013 +0200

     File based SessionHandler: Fix unlikely data corruption due to file creation race

     There is a small time window between is_readable() returns true
     and another process creates the file at the same time.
        -> we would truncate the data of the other process.

     Fix it by using 'c+' fopen() mode which is available since PHP 5.2.6.
     (Minimum PHP version for Horde is 5.3.0)

     For those interested in the details of the PHP open modes, look for the
         PHPAPI int php_stream_parse_fopen_modes(const char *mode, int *open_flags)
     function in the PHP source code.

     Signed-off-by: Michael M Slusarz <slusarz@horde.org>

     Bug #12557

  .../lib/Horde/SessionHandler/Storage/File.php      |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/18ef62d7ac1a5397803137e2d1887850a80b33bf
08/10/2013 12:06:47 PM Thomas Jarosch Comment #1
Priority ⇒ 1. Low
New Attachment: 0001-File-based-SessionHandler-Fix-unlikely-data-corrupti.patch
Patch ⇒ Yes
Milestone ⇒
Queue ⇒ Horde Framework Packages
Summary ⇒ File based SessionHandler: Fix unlikely data corruption due to file creation race
Type ⇒ Bug
State ⇒ Unconfirmed
From the patch:

There is a small time window between is_readable() returns true
and another process creates the file at the same time.
    -> we would truncate the data of the other process.

Fix it by using 'c+' fopen() mode which is available since PHP 5.2.6.
(Minimum PHP version for Horde is 5.3.0)

For those interested in the details of the PHP open modes, look for the
     PHPAPI int php_stream_parse_fopen_modes(const char *mode, int *open_flags)
function in the PHP source code.
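
The race described in this ticket, replayed deterministically in one process as an added example (it is not Horde's code and not the attached patch). The function names, the sample session payload, and the assumption that the pre-fix code chose a truncating 'w+' mode after the is_readable() check are illustrative; with the check-then-open variant process A reads back an empty string, with 'c+' it reads the data process B wrote.

```php
<?php
// Added example: hypothetical helper names, constructed sample data.

/**
 * Check-then-open pattern: the mode is chosen from an earlier is_readable()
 * result, so the decision can be stale by the time fopen() runs.
 */
function open_racy(string $path, bool $existedAtCheck)
{
    // 'w+' maps to O_RDWR|O_CREAT|O_TRUNC: it truncates whatever exists at open time.
    return fopen($path, $existedAtCheck ? 'r+' : 'w+');
}

/**
 * Single-step open: 'c+' maps to O_RDWR|O_CREAT. The file is created if
 * missing and never truncated, so no prior existence check is needed.
 */
function open_safe(string $path, bool $existedAtCheck)
{
    return fopen($path, 'c+');   // $existedAtCheck is deliberately ignored
}

/** Replays the interleaving A:check, B:create+write, A:open; returns what A reads. */
function replay(string $path, callable $open): string
{
    @unlink($path);
    clearstatcache();
    $existed = is_readable($path);                  // process A: file not there yet
    file_put_contents($path, 'user|s:5:"alice";');  // process B: creates it in the window
    $fp = $open($path, $existed);                   // process A: acts on the stale result
    $data = stream_get_contents($fp);
    fclose($fp);
    unlink($path);
    return $data;
}

$path = tempnam(sys_get_temp_dir(), 'sess_');       // constructed scratch file
var_dump(replay($path, 'open_racy'));               // B's session data is gone
var_dump(replay($path, 'open_safe'));               // B's session data survives
```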
