From 451d23a2c67694d3ac7ecb602c34da23a227f1f9 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 19 Dec 2017 14:54:47 +0100
Subject: Rework a bit the order of operation

- There is no need to generate the key if the cookie has no value
- There is no need to generate the key if the cookie length is invalid
- Use yoda condition
---
 src/sp_cookie_encryption.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'src/sp_cookie_encryption.c')
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index 9e585c5..2bb305f 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -53,13 +53,13 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 return ZEND_HASH_APPLY_KEEP;
 }
 
- generate_key(key);
-
- if (Z_STRLEN_P(pDest) == 0) {
+ /* If the cookie has no value, it shouldn't be encrypted. */
+ if (0 == Z_STRLEN_P(pDest)) {
 return ZEND_HASH_APPLY_KEEP;
 }
 
- debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)), Z_STRLEN_P(pDest));
+ debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)),
+ Z_STRLEN_P(pDest));
 
 if (ZSTR_LEN(debase64) <
 crypto_secretbox_NONCEBYTES + crypto_secretbox_ZEROBYTES) {
@@ -68,6 +68,8 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 return ZEND_HASH_APPLY_REMOVE;
 }
 
+ generate_key(key);
+
 decrypted = pecalloc(ZSTR_LEN(debase64), 1, 0);
 
 ret = crypto_secretbox_open(
--
cgit v1.3
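Review bot: `debase64` goes straight from `php_base64_decode()` into `ZSTR_LEN()` in the first hunk with no NULL check, and the cookie value being decoded is client-controlled. If the decoder can return NULL for malformed input on any supported PHP version (worth confirming against the PHP headers this builds with), that is a NULL dereference; a guard such as `if (NULL == debase64) { return ZEND_HASH_APPLY_REMOVE; }` before the length comparison would close it. The new comment would also read more accurately as `/* An empty cookie carries no ciphertext: keep it untouched. */`. The body of the length check continues outside the hunk, so whether `debase64` is released on that path is not visible here.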
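Review bot: The relocated `generate_key(key);` in the second hunk has no comment saying why it sits after the validation, so a later cleanup could hoist it back above the checks; something like `/* Derive the key only once the cookie has passed the cheap length checks. */` would pin the intent. From this line on `key` holds secret material in a stack buffer. The returns that follow `crypto_secretbox_open(` are outside the hunk, so it is not visible whether the buffer is cleared before the function leaves; each of those exits should wipe it with a zeroing call the compiler cannot optimise away.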