From 4fafa8ae5a7bcd700f368bbe6016e0b0fb2cc892 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 27 Dec 2017 15:43:33 +0100
Subject: Implement simulation mode for cookies (de/en)cryption

This should close #102

This commit can be useful for two use-cases:

1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript.
2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once.

When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted).
---
 src/sp_cookie_encryption.c | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)
(limited to 'src/sp_cookie_encryption.c')

diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index c749040..04c864f 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -63,9 +63,17 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 
   if (ZSTR_LEN(debase64) <
       crypto_secretbox_NONCEBYTES + crypto_secretbox_ZEROBYTES) {
-    sp_log_msg("cookie_encryption", SP_LOG_DROP,
-               "Buffer underflow tentative detected in cookie encryption handling.");
-    return ZEND_HASH_APPLY_REMOVE;
+    if (true == cookie->simulation) {
+      sp_log_msg("cookie_encryption", SP_LOG_SIMULATION,
+                 "Buffer underflow tentative detected in cookie encryption handling "
+                 "for %s. Using the cookie 'as it' instead of decrypting it.",
+                 ZSTR_VAL(hash_key->key));
+      return ZEND_HASH_APPLY_KEEP;
+    } else {
+      sp_log_msg("cookie_encryption", SP_LOG_DROP,
+                 "Buffer underflow tentative detected in cookie encryption handling.");
+      return ZEND_HASH_APPLY_REMOVE;
+    }
   }
 
   generate_key(key);
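Review bot: In the enforcing branch of this hunk the `SP_LOG_DROP` message still omits which cookie was rejected, while the new simulation branch names it via `ZSTR_VAL(hash_key->key)`; an operator who turns simulation off loses the one field needed to triage a dropped cookie. Suggest `"Buffer underflow tentative detected in cookie encryption handling for %s.", ZSTR_VAL(hash_key->key)` so both branches log the same identifier. `true == cookie->simulation` also ties the check to the flag holding exactly 1; unless `simulation` is a genuine `bool` (its declaration is outside the hunk), plain `if (cookie->simulation)` is the safer and conventional form. The identical simulation/enforce branching reappears in the second hunk, so a small static helper taking the reason text would keep the two paths from drifting. decrypt_cookie's body begins before and continues after this hunk.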
@@ -78,11 +86,18 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
                               ZSTR_LEN(debase64) - crypto_secretbox_NONCEBYTES,
                               (unsigned char *)ZSTR_VAL(debase64), key);
 
-  if (ret == -1) {
-    sp_log_msg("cookie_encryption", SP_LOG_DROP,
-               "Something went wrong with the decryption of %s.",
-               ZSTR_VAL(hash_key->key));
-    return ZEND_HASH_APPLY_REMOVE;
+  if (-1 == ret) {
+    if (true == cookie->simulation) {
+      sp_log_msg("cookie_encryption", SP_LOG_SIMULATION,
+                 "Something went wrong with the decryption of %s. Using the cookie "
+                 "'as it' instead of decrypting it", ZSTR_VAL(hash_key->key));
+      return ZEND_HASH_APPLY_KEEP;
+    } else {
+      sp_log_msg("cookie_encryption", SP_LOG_DROP,
+                 "Something went wrong with the decryption of %s.",
+                 ZSTR_VAL(hash_key->key));
+      return ZEND_HASH_APPLY_REMOVE;
+    }
   }
 
   ZVAL_STRINGL(pDest, (char *)(decrypted + crypto_secretbox_ZEROBYTES),
-- 
cgit v1.3
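Review bot: The new `ZEND_HASH_APPLY_KEEP` branch taken when `crypto_secretbox_open` fails is the point where the cookie's authentication guarantee is suspended and the unverified value is handed through unchanged; that is the intended simulation behaviour, but nothing at the branch says so, and the mode is easy to leave enabled after rollout. Suggest a comment above `return ZEND_HASH_APPLY_KEEP;`: `/* Simulation mode: authentication/decryption failed but the raw value is kept so the deployment can be observed. This accepts unauthenticated cookie data; disable once every cookie is encrypted. */`. The simulation message here also lacks the terminating period its counterpart in the first hunk has, and both repeat `'as it'` where `'as is'` is meant. decrypt_cookie's body continues outside the hunk.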