| author | xXx-caillou-xXx | 2017-12-19 15:43:13 +0100 |
|---|---|---|
| committer | GitHub | 2017-12-19 15:43:13 +0100 |
| commit | 05906ca8dc18fce72fea2287b006157c08dc9e81 (patch) | |
| tree | 9ebec3c91ef617db9f5035ee01f5242e1f28f869 /src/sp_cookie_encryption.c | |
| parent | f70bd2eafc2fdac9fa528a3e649db0178c601b41 (diff) | |
| parent | 451d23a2c67694d3ac7ecb602c34da23a227f1f9 (diff) | |
Merge pull request #88 from nbs-system/fix-double_decoding
fix double decoding
Diffstat (limited to 'src/sp_cookie_encryption.c')
| -rw-r--r-- | src/sp_cookie_encryption.c | 13 |
1 files changed, 6 insertions, 7 deletions
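--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -42,7 +42,6 @@ static inline void generate_key(unsigned char *key) {
 int decrypt_cookie(zval *pDest, int num_args, va_list args,
 zend_hash_key *hash_key) {
 unsigned char key[crypto_secretbox_KEYBYTES] = {0};
-size_t value_len;
 zend_string *debase64;
 unsigned char *decrypted;
 sp_cookie *cookie = zend_hash_find_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies,
@@ -54,15 +53,13 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 return ZEND_HASH_APPLY_KEEP;
 }
 
-generate_key(key);
-
-value_len = php_url_decode(Z_STRVAL_P(pDest), Z_STRLEN_P(pDest));
-
-if (value_len == 0) {
+/* If the cookie has no value, it shouldn't be encrypted. */
+if (0 == Z_STRLEN_P(pDest)) {
 return ZEND_HASH_APPLY_KEEP;
 }
 
-debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)), value_len);
+debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)),
+Z_STRLEN_P(pDest));
 
 if (ZSTR_LEN(debase64) <
 crypto_secretbox_NONCEBYTES + crypto_secretbox_ZEROBYTES) {
@@ -71,6 +68,8 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 return ZEND_HASH_APPLY_REMOVE;
 }
 
+generate_key(key);
+
 decrypted = pecalloc(ZSTR_LEN(debase64), 1, 0);
 
 ret = crypto_secretbox_open(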
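Review bot: The new empty-value test and the `php_base64_decode` call in the second hunk read `Z_STRLEN_P(pDest)` and `Z_STRVAL_P(pDest)` with no visible check that the cookie zval is actually a string. PHP can store a cookie entry as an array, and reading the string fields of a non-string zval would treat unrelated memory as a length and a pointer. Unless the lines between the first and second hunk already cover this, I would add `if (Z_TYPE_P(pDest) != IS_STRING) { return ZEND_HASH_APPLY_REMOVE; }` ahead of the length test (or `ZEND_HASH_APPLY_KEEP`, depending on the intended policy for malformed cookies). The body of `decrypt_cookie` continues past the last hunk, so whether `debase64`, `decrypted` and the stack copy of `key` are released and cleared on every return path cannot be confirmed from here.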
