From 36c06637ad262f0e5fc0c8e70f4c1fc6a565f056 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sun, 1 Oct 2017 20:54:03 +0200
Subject: First pass for #9
---
 src/sp_cookie_encryption.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'src/sp_cookie_encryption.c')
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index a47f6e1..69c438d 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -9,7 +9,8 @@ static unsigned int nonce_d = 0;
 static inline void generate_key(unsigned char *key) {
 PHP_SHA256_CTX ctx;
 const char *user_agent = sp_getenv("HTTP_USER_AGENT");
- const char *remote_addr = sp_getenv("REMOTE_ADDR");
+ const char *env_var =
+ sp_getenv(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var);
 const char *encryption_key = SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key;
@@ -22,10 +23,8 @@ static inline void generate_key(unsigned char *key) {
 PHP_SHA256Update(&ctx, (unsigned char *)user_agent, strlen(user_agent));
 }
- if (remote_addr) {
- char out[128];
- apply_mask_on_ip(out, remote_addr);
- PHP_SHA256Update(&ctx, (unsigned char*)out, sizeof(out));
+ if (env_var) {
+ PHP_SHA256Update(&ctx, (unsigned char*)env_var, strlen(env_var));
 }
 if (encryption_key) {
@@ -115,8 +114,11 @@ static zend_string *encrypt_data(char *data, unsigned long long data_len) {
 assert(sizeof(size_t) <= crypto_secretbox_NONCEBYTES);
+ if (0 == nonce_d) {
+ nonce_d = getpid();
+ }
 nonce_d++;
- sscanf((char*)nonce, "%ud", &nonce_d);
+ sscanf((char*)nonce, "%ud", &nonce_d);
 memcpy(encrypted_data, nonce, crypto_secretbox_NONCEBYTES);
 crypto_secretbox(encrypted_data + crypto_secretbox_NONCEBYTES,
-- 
cgit v1.3
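Review bot: In the first hunk, `cookies_env_var` is passed straight to `sp_getenv()` with no check that the directive was configured. If the field can be NULL when the option is absent (its default is not visible here), the lookup receives a NULL name on every request. A guarded form would be `const char *env_name = SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var;` followed by `const char *env_var = env_name ? sp_getenv(env_name) : NULL;`. generate_key's body continues outside the hunk.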
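Review bot: In the second hunk, the `if (env_var)` branch now hashes a variable-length string directly after the variable-length user agent, with no separator or length between them. The removed code fed a fixed 128-byte buffer, so the boundary between the two fields was unambiguous; now different (user agent, variable value) pairs whose concatenation is identical derive the same cookie key. Hashing the length first would restore the framing, for example `size_t env_len = strlen(env_var);` then `PHP_SHA256Update(&ctx, (unsigned char*)&env_len, sizeof(env_len));` before the value. When the variable is missing from the request the key is also silently derived without it, which deserves at least a log line. generate_key starts and ends outside the hunk.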
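Review bot: The `sscanf((char*)nonce, "%ud", &nonce_d);` line that the third hunk keeps (it only changes whitespace) parses the nonce buffer into `nonce_d` rather than writing the counter into the nonce. Nothing visible here ever puts the incremented value into `nonce` before the `memcpy`. If `nonce` starts out constant, every cookie is sealed with the same nonce under the same key, which `crypto_secretbox` does not tolerate. At minimum use `memcpy(nonce, &nonce_d, sizeof(nonce_d));`; preferably fill `nonce` from a CSPRNG, since a counter seeded with `getpid()` is predictable and restarts from the same value when a pid is reused. encrypt_data's body starts and ends outside the hunk.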