From 2e4fda2c67ce98c9be9092effe2522c1de9f7efc Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Fri, 3 Sep 2021 13:25:33 +0200
Subject: fixed session encryption in php8 + related test cases
---
 src/sp_crypt.c | 3 +-
 src/sp_session.c | 13 ++-------
 .../crypt_session_corrupted_session.phpt | 2 +-
 .../crypt_session_invalid_simul.phpt | 15 +++++++---
 .../crypt_session_invalid_simul_php73.phpt | 33 ++++++++++++++++++++++
 .../crypt_session_read_uncrypt.phpt | 16 +++++++----
 .../set_custom_session_handler.phpt | 2 +-
 .../set_custom_session_handler2.phpt | 2 +-
 8 files changed, 61 insertions(+), 25 deletions(-)
 create mode 100644 src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt
diff --git a/src/sp_crypt.c b/src/sp_crypt.c
index eeffe33..ff8f65e 100644
--- a/src/sp_crypt.c
+++ b/src/sp_crypt.c
@@ -43,8 +43,7 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
 unsigned char *decrypted = NULL, *backup = NULL;
 int ret = 0;
- zend_string *debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)),
- Z_STRLEN_P(pDest));
+ zend_string *debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)), Z_STRLEN_P(pDest));
 if (ZSTR_LEN(debase64) < crypto_secretbox_NONCEBYTES) {
 if (true == simulation) {
diff --git a/src/sp_session.c b/src/sp_session.c
index b2f4a43..7fa4937 100644
--- a/src/sp_session.c
+++ b/src/sp_session.c
@@ -113,16 +113,9 @@ static PHP_INI_MH(sp_OnUpdateSaveHandler) {
 }
 static int sp_hook_session_RINIT(INIT_FUNC_ARGS) {
- if (SESSION_G(mod) == NULL) {
- zend_ini_entry *ini_entry;
- if ((ini_entry = zend_hash_str_find_ptr(
- EG(ini_directives), ZEND_STRL("session.save_handler")))) {
- if (ini_entry && ini_entry->value) {
- sp_OnUpdateSaveHandler(NULL, ini_entry->value, NULL, NULL, NULL, 0);
- }
- }
- }
- return previous_sessionRINIT(INIT_FUNC_ARGS_PASSTHRU);
+ int ret = previous_sessionRINIT(INIT_FUNC_ARGS_PASSTHRU);
+ sp_hook_session_module();
+ return ret;
 }
 void hook_session() {
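Review bot: Anything the session module does inside previous_sessionRINIT() now runs before sp_hook_session_module() has wrapped the save handler, because sp_hook_session_RINIT calls the hook only after that call returns. If PHP opens the session during its own RINIT when session.auto_start is enabled (not visible in this patch, so to be confirmed), that first read would reach the handler without decryption. The hook is also called whatever `ret` holds, and sp_hook_session_module() is defined outside this hunk, so the patch does not show whether a handler it could not wrap is reported. I would state the ordering above the call, for example `/* hooked after the session RINIT, which presumably (re)sets the save handler; TODO confirm session.auto_start does not open the session before this point */`, and add a session_encryption test that sets `session.auto_start=1`.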
diff --git a/src/tests/session_encryption/crypt_session_corrupted_session.phpt b/src/tests/session_encryption/crypt_session_corrupted_session.phpt index 6f9c287..db3f949 100644 --- a/src/tests/session_encryption/crypt_session_corrupted_session.phpt +++ b/src/tests/session_encryption/crypt_session_corrupted_session.phpt @@ -6,7 +6,7 @@ Set a custom session handler = 70400) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini -session.save_path = "/tmp" +session.save_path="/tmp" --ENV-- return << + --INI-- sp.configuration_file={PWD}/config/config_crypt_session_simul.ini +display_errors=0 +log_errors=1 +error_log="{PWD}"/crypt_session_invalid_simul.tmp --ENV-- return << --EXPECTF-- -array(1) { - ["toto"]=> - string(4) "tata" +array(0) { } +%aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul.php on line 9 +%aPHP Warning: session_start(): Failed to decode session object. Session has been destroyed in %a/crypt_session_invalid_simul.php on line 9 diff --git a/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt b/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt new file mode 100644 index 0000000..4d1f747 --- /dev/null +++ b/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt @@ -0,0 +1,33 @@ +--TEST-- +SESSION crypt and bad decrypt +--SKIPIF-- += 70400) print "skip"; ?> +--INI-- +sp.configuration_file={PWD}/config/config_crypt_session_simul.ini +display_errors=0 +log_errors=1 +error_log="{PWD}"/crypt_session_invalid_simul.tmp +--ENV-- +return << +--EXPECTF-- +array(0) { +} +%aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul%a.php on line 9 
diff --git a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt index 5e81b52..e2e1737 100644 --- a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt +++ b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt @@ -4,25 +4,28 @@ SESSION crypt/decrypt valid --INI-- sp.configuration_file={PWD}/config/config_crypt_session_simul.ini +session.save_path="{PWD}" +display_errors=0 +log_errors=1 +error_log="{PWD}"/crypt_session_read_uncrypt.tmp --ENV-- return << --EXPECTF-- @@ -31,3 +34,4 @@ array(1) { string(4) "tata" } OK +%aPHP Warning: [snuffleupagus][127.0.0.1][cookie_encryption][simulation] Buffer underflow tentative detected in cookie encryption handling for the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_read_uncrypt.php on line 9 diff --git a/src/tests/session_encryption/set_custom_session_handler.phpt b/src/tests/session_encryption/set_custom_session_handler.phpt index 725ee43..1b81a04 100644 --- a/src/tests/session_encryption/set_custom_session_handler.phpt +++ b/src/tests/session_encryption/set_custom_session_handler.phpt @@ -4,7 +4,7 @@ Set a custom session handler --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini -session.save_path = "/tmp" +session.save_path="/tmp" --ENV-- return << --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini -session.save_path = "/tmp" +session.save_path="/tmp" --ENV-- return <<