From 0be5634a455091c98962ae094792fa644fca06f3 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Mon, 1 Apr 2024 13:39:38 +0200
Subject: [PATCH] Fix GH-13856: Member access within null pointer of type
 'ps_files' in ext/session/mod_files.c

We should not mark the session as opened when there was a failure in
open.
---
 ext/session/mod_user_class.c   |  6 ++++--
 ext/session/tests/gh13856.phpt | 19 +++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 ext/session/tests/gh13856.phpt

diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c
index d5b71da52c282..853db659887be 100644
--- a/ext/session/mod_user_class.c
+++ b/ext/session/mod_user_class.c
@@ -47,8 +47,6 @@ PHP_METHOD(SessionHandler, open)
 
 	PS_SANITY_CHECK;
 
-	PS(mod_user_is_open) = 1;
-
 	zend_try {
 		ret = PS(default_mod)->s_open(&PS(mod_data), save_path, session_name);
 	} zend_catch {
@@ -56,6 +54,10 @@ PHP_METHOD(SessionHandler, open)
 		zend_bailout();
 	} zend_end_try();
 
+	if (SUCCESS == ret) {
+		PS(mod_user_is_open) = 1;
+	}
+
 	RETURN_BOOL(SUCCESS == ret);
 }
 /* }}} */
diff --git a/ext/session/tests/gh13856.phpt b/ext/session/tests/gh13856.phpt
new file mode 100644
index 0000000000000..a6d9fa0eaedb7
--- /dev/null
+++ b/ext/session/tests/gh13856.phpt
@@ -0,0 +1,19 @@
+--TEST--
+GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c)
+--EXTENSIONS--
+session
+--INI--
+session.save_handler=files
+open_basedir=.
+error_reporting=E_ALL
+--FILE--
+<?php
+session_set_save_handler(new \SessionHandler(), true);
+session_start();
+?>
+--EXPECTF--
+Warning: SessionHandler::open(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (.) in %s on line %d
+
+Warning: SessionHandler::close(): Parent session handler is not open in %s on line %d
+
+Warning: session_start(): Failed to initialize storage module: user (path: ) in %s on line %d