From 9f5e8d12f05fb24c915a5266a1e908a75c8aed08 Mon Sep 17 00:00:00 2001
From: Thibault "bui" Koechlin
Date: Thu, 28 Dec 2017 17:04:06 +0100
Subject: Clang-format pass - `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h` - Update the documentation accordingly
---
 src/sp_cookie_encryption.c | 79 ++++++++++++++++++++++++++--------------------
 1 file changed, 45 insertions(+), 34 deletions(-)
(limited to 'src/sp_cookie_encryption.c')
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index 4e9818f..6abc20a 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -10,12 +10,12 @@ static inline void generate_key(unsigned char *key) {
 PHP_SHA256_CTX ctx;
 const char *user_agent = getenv("HTTP_USER_AGENT");
 const char *env_var =
- getenv(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var);
+ getenv(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var);
 const char *encryption_key = SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key;
- assert(32 == crypto_secretbox_KEYBYTES); // 32 is the size of a SHA256.
- assert(encryption_key); // Encryption key can't be NULL
+ assert(32 == crypto_secretbox_KEYBYTES); // 32 is the size of a SHA256.
+ assert(encryption_key); // Encryption key can't be NULL
 PHP_SHA256Init(&ctx);
@@ -24,11 +24,12 @@ static inline void generate_key(unsigned char *key) {
 }
 if (env_var) {
- PHP_SHA256Update(&ctx, (unsigned char*)env_var, strlen(env_var));
+ PHP_SHA256Update(&ctx, (unsigned char *)env_var, strlen(env_var));
 } else {
- sp_log_err("cookie_encryption", "The environment variable '%s'"
- "is empty, cookies are weakly encrypted.",
- SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var);
+ sp_log_err("cookie_encryption",
+ "The environment variable '%s'"
+ "is empty, cookies are weakly encrypted.",
+ SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var);
 }
 if (encryption_key) {
@@ -41,9 +42,9 @@ static inline void generate_key(unsigned char *key) {
 static inline const sp_cookie *sp_lookup_cookie_config(const char *key) {
 sp_list_node *it = SNUFFLEUPAGUS_G(config).config_cookie->cookies;
-
+
 while (it) {
- const sp_cookie *config = it->data;
+ const sp_cookie *config = it->data;
 if (config && sp_match_value(key, config->name, config->name_r)) {
 return config;
 }
@@ -60,7 +61,7 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 unsigned char *decrypted;
 const sp_cookie *cookie = sp_lookup_cookie_config(ZSTR_VAL(hash_key->key));
 int ret = 0;
-
+
 /* If the cookie isn't in the conf, it shouldn't be encrypted. */
 if (!cookie || !cookie->encrypt) {
 return ZEND_HASH_APPLY_KEEP;
@@ -72,18 +73,20 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 }
 debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)),
- Z_STRLEN_P(pDest));
+ Z_STRLEN_P(pDest));
 if (ZSTR_LEN(debase64) < crypto_secretbox_NONCEBYTES + crypto_secretbox_ZEROBYTES) {
 if (true == cookie->simulation) {
- sp_log_msg("cookie_encryption", SP_LOG_SIMULATION,
+ sp_log_msg(
+ "cookie_encryption", SP_LOG_SIMULATION,
 "Buffer underflow tentative detected in cookie encryption handling "
- "for %s. Using the cookie 'as it' instead of decrypting it.",
- ZSTR_VAL(hash_key->key));
+ "for %s. Using the cookie 'as it' instead of decrypting it.",
+ ZSTR_VAL(hash_key->key));
 return ZEND_HASH_APPLY_KEEP;
 } else {
- sp_log_msg("cookie_encryption", SP_LOG_DROP,
+ sp_log_msg(
+ "cookie_encryption", SP_LOG_DROP,
 "Buffer underflow tentative detected in cookie encryption handling.");
 return ZEND_HASH_APPLY_REMOVE;
 }
@@ -101,14 +104,16 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 if (-1 == ret) {
 if (true == cookie->simulation) {
- sp_log_msg("cookie_encryption", SP_LOG_SIMULATION,
- "Something went wrong with the decryption of %s. Using the cookie "
- "'as it' instead of decrypting it", ZSTR_VAL(hash_key->key));
+ sp_log_msg(
+ "cookie_encryption", SP_LOG_SIMULATION,
+ "Something went wrong with the decryption of %s. Using the cookie "
+ "'as it' instead of decrypting it",
+ ZSTR_VAL(hash_key->key));
 return ZEND_HASH_APPLY_KEEP;
 } else {
 sp_log_msg("cookie_encryption", SP_LOG_DROP,
- "Something went wrong with the decryption of %s.",
- ZSTR_VAL(hash_key->key));
+ "Something went wrong with the decryption of %s.",
+ ZSTR_VAL(hash_key->key));
 return ZEND_HASH_APPLY_REMOVE;
 }
 }
@@ -127,7 +132,8 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
 */
 static zend_string *encrypt_data(char *data, unsigned long long data_len) {
 const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1;
- const size_t emsg_and_nonce_len = encrypted_msg_len + crypto_secretbox_NONCEBYTES;
+ const size_t emsg_and_nonce_len =
+ encrypted_msg_len + crypto_secretbox_NONCEBYTES;
 unsigned char key[crypto_secretbox_KEYBYTES] = {0};
 unsigned char nonce[crypto_secretbox_NONCEBYTES] = {0};
@@ -149,7 +155,7 @@ static zend_string *encrypt_data(char *data, unsigned long long data_len) {
 }
 }
 nonce_d++;
- sscanf((char*)nonce, "%ld", &nonce_d);
+ sscanf((char *)nonce, "%ld", &nonce_d);
 memcpy(encrypted_data, nonce, crypto_secretbox_NONCEBYTES);
 crypto_secretbox(encrypted_data + crypto_secretbox_NONCEBYTES,
@@ -161,15 +167,15 @@ static zend_string *encrypt_data(char *data, unsigned long long data_len) {
 }
 PHP_FUNCTION(sp_setcookie) {
- zval params[7] = { 0 };
- zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL, *samesite = NULL;
+ zval params[7] = {0};
+ zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL,
+ *samesite = NULL;
 zend_long expires = 0;
 zend_bool secure = 0, httponly = 0;
 const sp_cookie *cookie_node = NULL;
 zval func_name;
 char *cookie_samesite;
-
 // LCOV_EXCL_BR_START
 ZEND_PARSE_PARAMETERS_START(1, 7)
 Z_PARAM_STR(name)
@@ -197,7 +203,7 @@ PHP_FUNCTION(sp_setcookie) {
 /* lookup existing configuration for said cookie */
 cookie_node = sp_lookup_cookie_config(ZSTR_VAL(name));
-
+
 /* If the cookie's value is encrypted, it won't be usable by * javascript anyway. */
@@ -233,12 +239,15 @@ PHP_FUNCTION(sp_setcookie) {
 if (!path) {
 path = zend_string_init("", 0, 0);
 }
- cookie_samesite = (cookie_node->samesite == lax) ? SAMESITE_COOKIE_FORMAT SP_TOKEN_SAMESITE_LAX
- : SAMESITE_COOKIE_FORMAT SP_TOKEN_SAMESITE_STRICT;
+ cookie_samesite = (cookie_node->samesite == lax)
+ ? SAMESITE_COOKIE_FORMAT SP_TOKEN_SAMESITE_LAX
+ : SAMESITE_COOKIE_FORMAT SP_TOKEN_SAMESITE_STRICT;
 /* Concatenating everything, as is in PHP internals */
 samesite = zend_string_init(ZSTR_VAL(path), ZSTR_LEN(path), 0);
- samesite = zend_string_extend(samesite, ZSTR_LEN(path) + strlen(cookie_samesite) + 1, 0);
- memcpy(ZSTR_VAL(samesite) + ZSTR_LEN(path), cookie_samesite, strlen(cookie_samesite) + 1);
+ samesite = zend_string_extend(
+ samesite, ZSTR_LEN(path) + strlen(cookie_samesite) + 1, 0);
+ memcpy(ZSTR_VAL(samesite) + ZSTR_LEN(path), cookie_samesite,
+ strlen(cookie_samesite) + 1);
 ZVAL_STR_COPY(¶ms[3], samesite);
 } else if (path) {
 ZVAL_STR_COPY(¶ms[3], path);
@@ -250,20 +259,22 @@ PHP_FUNCTION(sp_setcookie) {
 This is why were replacing our hook with the original function, calling the function, and then re-hooking it. */
 void (*handler)(INTERNAL_FUNCTION_PARAMETERS);
- handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), "setcookie",
- strlen("setcookie"));
+ handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
+ "setcookie", strlen("setcookie"));
 zend_internal_function *func = zend_hash_str_find_ptr( CG(function_table), "setcookie", strlen("setcookie"));
 func->handler = handler;
- call_user_function(CG(function_table), NULL, &func_name, return_value, 7, params);
+ call_user_function(CG(function_table), NULL, &func_name, return_value, 7,
+ params);
 func->handler = PHP_FN(sp_setcookie);
 RETURN_TRUE;
 }
 int hook_cookies() {
- HOOK_FUNCTION("setcookie", sp_internal_functions_hook, PHP_FN(sp_setcookie), false);
+ HOOK_FUNCTION("setcookie", sp_internal_functions_hook, PHP_FN(sp_setcookie),
+ false);
 return SUCCESS;
 }
--
cgit v1.3