Fix two cookie encryption issues found by @cfreal, and a bonus one (#18)

* Fix a cookie encryption issue found by @cfreal

- Use the base64-decoded payload length to allocate memory to decrypt
  it, instead of allocating the length of the undecoded one. This has
  no security impact, since the base64-encoded string is at least as large
  as the decoded one. Since we're using AEAD, there is no way to leak
  memory, since this would make the decryption fail.

1 files changed, 2 insertions, 2 deletions

diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index ad8438a..a47f6e1 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -61,14 +61,14 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 
   debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)), value_len);
 
-  if (value_len <
+  if (ZSTR_LEN(debase64) <
       crypto_secretbox_NONCEBYTES + crypto_secretbox_ZEROBYTES) {
     sp_log_msg("cookie_encryption", SP_LOG_DROP,
         "Buffer underflow tentative detected in cookie encryption handling.");
     return ZEND_HASH_APPLY_REMOVE;
   }
 
-  decrypted = pecalloc(value_len, 1, 0);
+  decrypted = pecalloc(ZSTR_LEN(debase64), 1, 0);
 
   ret = crypto_secretbox_open(
       decrypted,