Do not crash on no cookie hash key

Do not dereference the hash key for cookie encryption if it's NULL: Program terminated with signal SIGSEGV, Segmentation fault. #0 zend_string_equal_content (s1=0x79bdb92170f0, s2=0x0) at /usr/include/php/20240924/Zend/zend_string.h:386 No locals. #1 zend_string_equals (s1=0x79bdb92170f0, s2=0x0) at /usr/include/php/20240924/Zend/zend_string.h:391 No locals. #2 sp_match_value (value=0x0, to_match=0x79bdb92170f0, rx=0x0) at ./src/sp_utils.c:273 No locals. #3 0x00007989377b0709 in sp_lookup_cookie_config (key=0x0) at ./src/sp_cookie_encryption.c:8 config = 0x79bdb92158d0 it = 0x79ae80dabd00 it = <optimized out> config = <optimized out> #4 decrypt_cookie (pDest=0x79893b6787c0, num_args=<optimized out>, args=<optimized out>, hash_key=0x7ffe657c3880) at ./src/sp_cookie_encryption.c:19 cookie = <optimized out> #5 0x000061875aac52df in zend_hash_apply_with_arguments () No symbol table info available. #6 0x00007989377ae74b in zm_activate_snuffleupagus (type=<optimized out>, module_number=<optimized out>) at ./src/snuffleupagus.c:228 config_wrapper = 0x7989377c3490 <snuffleupagus_globals+144> #7 0x000061875aa21710 in zend_activate_modules () No symbol table info available. #8 0x000061875a9a7f18 in php_request_startup () No symbol table info available.
author: Christian Göttsche 2025-06-25 11:43:58 +0200
committer: jvoisin 2025-06-25 19:38:30 +0200
commit: d4e010846d9d8db8bf6e1fec9a2c39ed762e257d (patch)
tree: b7a20960139ecd6c8af916ac297620e3dff13148 /src/sp_cookie_encryption.c
parent: 095bf518bc0d842f96c5ae6e89fc6b0db61dc9dc (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index 8b24a9c..c833f94 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -16,7 +16,15 @@ static inline const sp_cookie *sp_lookup_cookie_config(const zend_string *key) {
 /* called at RINIT time with each cookie, eventually decrypt said cookie */
 int decrypt_cookie(zval *pDest, int num_args, va_list args,
                   zend_hash_key *hash_key) {
-  const sp_cookie *cookie = sp_lookup_cookie_config(hash_key->key);
+  const zend_string *key = hash_key->key;
+  const sp_cookie *cookie;
+  /* If there is no key, it shouldn't be encrypted. */
+  if (!key) {
+    return ZEND_HASH_APPLY_KEEP;
+  }
+  cookie = sp_lookup_cookie_config(key);
  /* If the cookie isn't in the conf, it shouldn't be encrypted. */
  if (!cookie || !cookie->encrypt) {
author	Christian Göttsche	2025-06-25 11:43:58 +0200
committer	jvoisin	2025-06-25 19:38:30 +0200
commit	d4e010846d9d8db8bf6e1fec9a2c39ed762e257d (patch)
tree	b7a20960139ecd6c8af916ac297620e3dff13148 /src/sp_cookie_encryption.c
parent	095bf518bc0d842f96c5ae6e89fc6b0db61dc9dc (diff)

diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index 8b24a9c..c833f94 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c
@@ -16,7 +16,15 @@ static inline const sp_cookie sp_lookup_cookie_config(const zend_string key) {
16	/* called at RINIT time with each cookie, eventually decrypt said cookie */	16	/* called at RINIT time with each cookie, eventually decrypt said cookie */
17	int decrypt_cookie(zval *pDest, int num_args, va_list args,	17	int decrypt_cookie(zval *pDest, int num_args, va_list args,
18	zend_hash_key *hash_key) {	18	zend_hash_key *hash_key) {
19	const sp_cookie *cookie = sp_lookup_cookie_config(hash_key->key);	19	const zend_string *key = hash_key->key;
		20	const sp_cookie *cookie;
		21
		22	/* If there is no key, it shouldn't be encrypted. */
		23	if (!key) {
		24	return ZEND_HASH_APPLY_KEEP;
		25	}
		26
		27	cookie = sp_lookup_cookie_config(key);
20		28
21	/* If the cookie isn't in the conf, it shouldn't be encrypted. */	29	/* If the cookie isn't in the conf, it shouldn't be encrypted. */
22	if (!cookie \|\| !cookie->encrypt) {	30	if (!cookie \|\| !cookie->encrypt) {