summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjvoisin2018-12-15 14:30:32 +0000
committerGitHub2018-12-15 14:30:32 +0000
commit0988660cc2f5d194468f81fab48160c0f9b253dc (patch)
tree3fd9cbae8641abc34e56d476f2eaa39b679c9e46
parent244f3da227d07b94602a3b517fcb8aefeb9f459d (diff)
Improve simulation mode for session cookies (#259)
Since decrypt_zval doesn't provide a way to tell apart failed and successful decryption when used in simulation mode, we'll have to restore the original value if something goes wrong, because crypto_secretbox_open might modify the value.
Diffstat
-rw-r--r--src/sp_crypt.c8
-rw-r--r--src/sp_session.c15
2 files changed, 15 insertions, 8 deletions
diff --git a/src/sp_crypt.c b/src/sp_crypt.c
index b6eaa59..525da56 100644
--- a/src/sp_crypt.c
+++ b/src/sp_crypt.c
@@ -91,6 +91,8 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
91 generate_key(key); 91 generate_key(key);
92 92
93 decrypted = ecalloc(ZSTR_LEN(debase64) + crypto_secretbox_ZEROBYTES, 1); 93 decrypted = ecalloc(ZSTR_LEN(debase64) + crypto_secretbox_ZEROBYTES, 1);
94 char *backup = ecalloc(ZSTR_LEN(debase64), 1);
95 memcpy(backup, ZSTR_VAL(debase64), ZSTR_LEN(debase64));
94 96
95 ret = crypto_secretbox_open( 97 ret = crypto_secretbox_open(
96 decrypted, 98 decrypted,
@@ -105,19 +107,25 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
105 "Something went wrong with the decryption of %s. Using the cookie " 107 "Something went wrong with the decryption of %s. Using the cookie "
106 "'as it' instead of decrypting it", 108 "'as it' instead of decrypting it",
107 hash_key ? ZSTR_VAL(hash_key->key) : "the session"); 109 hash_key ? ZSTR_VAL(hash_key->key) : "the session");
110 memcpy(ZSTR_VAL(debase64), backup, ZSTR_LEN(debase64));
111 efree(backup);
108 return ZEND_HASH_APPLY_KEEP; 112 return ZEND_HASH_APPLY_KEEP;
109 } else { 113 } else {
110 sp_log_msg("cookie_encryption", SP_LOG_WARN, 114 sp_log_msg("cookie_encryption", SP_LOG_WARN,
111 "Something went wrong with the decryption of %s", 115 "Something went wrong with the decryption of %s",
112 hash_key ? ZSTR_VAL(hash_key->key) : "the session"); 116 hash_key ? ZSTR_VAL(hash_key->key) : "the session");
117 efree(backup);
113 return ZEND_HASH_APPLY_REMOVE; 118 return ZEND_HASH_APPLY_REMOVE;
114 } 119 }
115 } 120 }
121 efree(backup);
116 122
117 ZVAL_STRINGL(pDest, (char *)(decrypted + crypto_secretbox_ZEROBYTES), 123 ZVAL_STRINGL(pDest, (char *)(decrypted + crypto_secretbox_ZEROBYTES),
118 ZSTR_LEN(debase64) - crypto_secretbox_NONCEBYTES - 1 - 124 ZSTR_LEN(debase64) - crypto_secretbox_NONCEBYTES - 1 -
119 crypto_secretbox_ZEROBYTES); 125 crypto_secretbox_ZEROBYTES);
120 126
127 zend_string_release(decrypted);
128
121 return ZEND_HASH_APPLY_KEEP; 129 return ZEND_HASH_APPLY_KEEP;
122} 130}
123 131
diff --git a/src/sp_session.c b/src/sp_session.c
index 550b83d..b3db622 100644
--- a/src/sp_session.c
+++ b/src/sp_session.c
@@ -30,19 +30,18 @@ static int sp_hook_s_read(PS_READ_ARGS) {
30 const sp_config_session *config_session = 30 const sp_config_session *config_session =
31 SNUFFLEUPAGUS_G(config).config_session; 31 SNUFFLEUPAGUS_G(config).config_session;
32 32
33 if (r == SUCCESS && config_session->encrypt && val != NULL && *val != NULL && 33 if ((NULL == val) || (NULL == *val) || (0 == ZSTR_LEN(*val))) {
34 ZSTR_LEN(*val)) { 34 return r;
35 }
36
37 if (r == SUCCESS && config_session->encrypt) {
35 zend_string *orig_val = *val; 38 zend_string *orig_val = *val;
36 zval val_zval; 39 zval val_zval;
37 ZVAL_PSTRINGL(&val_zval, ZSTR_VAL(*val), ZSTR_LEN(*val)); 40 ZVAL_PSTRINGL(&val_zval, ZSTR_VAL(*val), ZSTR_LEN(*val));
38 41
39 int ret = decrypt_zval(&val_zval, config_session->simulation, NULL); 42 int ret = decrypt_zval(&val_zval, config_session->simulation, NULL);
40 if (0 != ret) { 43 if (ZEND_HASH_APPLY_KEEP != ret) {
41 if (config_session->simulation) { 44 zend_bailout();
42 return ret;
43 } else {
44 zend_bailout();
45 }
46 } 45 }
47 46
48 *val = zend_string_dup(val_zval.value.str, 0); 47 *val = zend_string_dup(val_zval.value.str, 0);