From 1922b712d87e107990340365eb67630816069b70 Mon Sep 17 00:00:00 2001
From: Roman Pronskiy <roman@pronskiy.com>
Date: Wed, 11 Mar 2026 00:12:49 +0100
Subject: [PATCH] Fix fd leak and stale socket issues from security audit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. Close socket on remote_init failure (com.c)
   When early connect succeeds but DBGp handshake fails, the socket
   was never closed — causing fd exhaustion under repeated failures.

2. Reset socket fd to -1 after close (com.c)
   xdebug_mark_debug_connection_not_active() closed the socket but
   left the old fd value, risking use-after-close if the fd is reused.

3. Add PHP_DEBUGGER_SESSION_START to RINIT pre-check (xdebug.c)
   The early connect pre-check only tested XDEBUG_SESSION_START env
   var but not the new alias, causing early connect to be skipped
   when using the new trigger name.
---
 src/debugger/com.c | 5 ++++-
 xdebug.c           | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/debugger/com.c b/src/debugger/com.c
index cc4dcae..fea0be0 100644
--- a/src/debugger/com.c
+++ b/src/debugger/com.c
@@ -636,8 +636,10 @@ static void xdebug_init_debugger()
 		xdebug_mark_debug_connection_pending();
 
 		if (!XG_DBG(context).handler->remote_init(&(XG_DBG(context)), XDEBUG_REQ)) {
-			/* The request could not be started, ignore it then */
+			/* The request could not be started, close the socket to prevent fd leak */
 			xdebug_log_ex(XLOG_CHAN_DEBUG, XLOG_ERR, "SES-INIT", "The debug session could not be started. Tried: %s.", connection_attempts->d);
+			xdebug_close_socket(XG_DBG(context).socket);
+			XG_DBG(context).socket = -1;
 		} else {
 			/* All is well, turn off script time outs */
 			zend_unset_timeout();
@@ -717,6 +719,7 @@ void xdebug_mark_debug_connection_not_active()
 {
 	if (XG_DBG(remote_connection_enabled)) {
 		xdebug_close_socket(XG_DBG(context).socket);
+		XG_DBG(context).socket = -1;
 	}
 
 	XG_DBG(remote_connection_enabled) = 0;
diff --git a/xdebug.c b/xdebug.c
index b223a98..2e13931 100644
--- a/xdebug.c
+++ b/xdebug.c
@@ -597,7 +597,8 @@ PHP_RINIT_FUNCTION(xdebug)
 			xdebug_lib_start_with_request(XDEBUG_MODE_STEP_DEBUG) ||
 			xdebug_lib_start_with_trigger(XDEBUG_MODE_STEP_DEBUG, NULL) ||
 			xdebug_lib_start_upon_error() ||
-			getenv("XDEBUG_SESSION_START") != NULL
+			getenv("XDEBUG_SESSION_START") != NULL ||
+			getenv("PHP_DEBUGGER_SESSION_START") != NULL
 		);
 
 		if (debug_requested) {