Fix two cookie encryption issues found by @cfreal, and a bonus one (#18) - snuffleupagus - Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

diff options

author	jvoisin	2017-09-29 17:17:54 +0200
committer	GitHub	2017-09-29 17:17:54 +0200
commit	b5628fcc599919711171a5154f37ad90bd6b5065 (patch)
tree	545766f8293039a6df41ffacf4fa5f51d09698a6 /src/tests/disabled_functions_param_array.phpt
parent	e010aadf08350a242527a0a98a3b67fe25607b98 (diff)

Fix two cookie encryption issues found by @cfreal, and a bonus one (#18)

* Fix a cookie encryption issue found by @cfreal - Use the base64-decoded payload length to allocate memory to decrypt it, instead of allocating the length of the undecoded one. This has no security impact, since the base64-encoded string is at least as large as the decoded one. Since we're using AEAD, there is no way to leak memory, since this would make the decryption fail.

Diffstat (limited to 'src/tests/disabled_functions_param_array.phpt')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: