diff options
| author | jvoisin | 2017-12-27 15:43:33 +0100 |
|---|---|---|
| committer | jvoisin | 2017-12-27 15:43:33 +0100 |
| commit | 4fafa8ae5a7bcd700f368bbe6016e0b0fb2cc892 (patch) | |
| tree | 12438ccccb237e3507fb5bd08c43901d7d0bf904 /src/sp_cookie_encryption.c | |
| parent | 60888daa7fb433ca15157256980f8baeb8b698a0 (diff) | |
Implement simulation mode for cookies (de/en)cryption
This should close #102
This commit can be useful for two use-cases:
1. When deploying Snuffleupagus on big CMS like Magento, and not knowing
what cookies are modified via javascript.
2. When deploying Snuffleupagus on big websites: you don't want to disconnect
every single user at once.
When simulation is enabled, if the decryption fails, a log message is
now issued, and the cookie value taken as it (since odds are that it's
non-encrypted).
Diffstat (limited to 'src/sp_cookie_encryption.c')
| -rw-r--r-- | src/sp_cookie_encryption.c | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index c749040..04c864f 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c | |||
| @@ -63,9 +63,17 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args, | |||
| 63 | 63 | ||
| 64 | if (ZSTR_LEN(debase64) < | 64 | if (ZSTR_LEN(debase64) < |
| 65 | crypto_secretbox_NONCEBYTES + crypto_secretbox_ZEROBYTES) { | 65 | crypto_secretbox_NONCEBYTES + crypto_secretbox_ZEROBYTES) { |
| 66 | sp_log_msg("cookie_encryption", SP_LOG_DROP, | 66 | if (true == cookie->simulation) { |
| 67 | "Buffer underflow tentative detected in cookie encryption handling."); | 67 | sp_log_msg("cookie_encryption", SP_LOG_SIMULATION, |
| 68 | return ZEND_HASH_APPLY_REMOVE; | 68 | "Buffer underflow tentative detected in cookie encryption handling " |
| 69 | "for %s. Using the cookie 'as it' instead of decrypting it.", | ||
| 70 | ZSTR_VAL(hash_key->key)); | ||
| 71 | return ZEND_HASH_APPLY_KEEP; | ||
| 72 | } else { | ||
| 73 | sp_log_msg("cookie_encryption", SP_LOG_DROP, | ||
| 74 | "Buffer underflow tentative detected in cookie encryption handling."); | ||
| 75 | return ZEND_HASH_APPLY_REMOVE; | ||
| 76 | } | ||
| 69 | } | 77 | } |
| 70 | 78 | ||
| 71 | generate_key(key); | 79 | generate_key(key); |
| @@ -78,11 +86,18 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args, | |||
| 78 | ZSTR_LEN(debase64) - crypto_secretbox_NONCEBYTES, | 86 | ZSTR_LEN(debase64) - crypto_secretbox_NONCEBYTES, |
| 79 | (unsigned char *)ZSTR_VAL(debase64), key); | 87 | (unsigned char *)ZSTR_VAL(debase64), key); |
| 80 | 88 | ||
| 81 | if (ret == -1) { | 89 | if (-1 == ret) { |
| 82 | sp_log_msg("cookie_encryption", SP_LOG_DROP, | 90 | if (true == cookie->simulation) { |
| 83 | "Something went wrong with the decryption of %s.", | 91 | sp_log_msg("cookie_encryption", SP_LOG_SIMULATION, |
| 84 | ZSTR_VAL(hash_key->key)); | 92 | "Something went wrong with the decryption of %s. Using the cookie " |
| 85 | return ZEND_HASH_APPLY_REMOVE; | 93 | "'as it' instead of decrypting it", ZSTR_VAL(hash_key->key)); |
| 94 | return ZEND_HASH_APPLY_KEEP; | ||
| 95 | } else { | ||
| 96 | sp_log_msg("cookie_encryption", SP_LOG_DROP, | ||
| 97 | "Something went wrong with the decryption of %s.", | ||
| 98 | ZSTR_VAL(hash_key->key)); | ||
| 99 | return ZEND_HASH_APPLY_REMOVE; | ||
| 100 | } | ||
| 86 | } | 101 | } |
| 87 | 102 | ||
| 88 | ZVAL_STRINGL(pDest, (char *)(decrypted + crypto_secretbox_ZEROBYTES), | 103 | ZVAL_STRINGL(pDest, (char *)(decrypted + crypto_secretbox_ZEROBYTES), |