From 0988660cc2f5d194468f81fab48160c0f9b253dc Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sat, 15 Dec 2018 14:30:32 +0000
Subject: Improve simulation mode for session cookies (#259)

Since decrypt_zval doesn't provide a way to tell apart failed and successful decryption when used in simulation mode, we'll have to restore the original value if something goes wrong, because crypto_secretbox_open might modify the value.
---
 src/sp_session.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
(limited to 'src/sp_session.c')

diff --git a/src/sp_session.c b/src/sp_session.c
index 550b83d..b3db622 100644
--- a/src/sp_session.c
+++ b/src/sp_session.c
@@ -30,19 +30,18 @@ static int sp_hook_s_read(PS_READ_ARGS) {
 const sp_config_session *config_session = SNUFFLEUPAGUS_G(config).config_session;
- if (r == SUCCESS && config_session->encrypt && val != NULL && *val != NULL &&
- ZSTR_LEN(*val)) {
+ if ((NULL == val) || (NULL == *val) || (0 == ZSTR_LEN(*val))) {
+ return r;
+ }
+
+ if (r == SUCCESS && config_session->encrypt) {
 zend_string *orig_val = *val;
 zval val_zval;
 ZVAL_PSTRINGL(&val_zval, ZSTR_VAL(*val), ZSTR_LEN(*val));
 int ret = decrypt_zval(&val_zval, config_session->simulation, NULL);
- if (0 != ret) {
- if (config_session->simulation) {
- return ret;
- } else {
- zend_bailout();
- }
+ if (ZEND_HASH_APPLY_KEEP != ret) {
+ zend_bailout();
 }
 *val = zend_string_dup(val_zval.value.str, 0);
-- 
cgit v1.3
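Review bot: The `ZEND_HASH_APPLY_KEEP != ret` check no longer separates simulation from enforcement, so in simulation mode a session value that failed authentication is copied into `*val` by the `zend_string_dup` line and returned to the caller as if it had decrypted. That contract deserves a comment at the check, for example `/* simulation: decrypt_zval() reports KEEP even on failure and must leave the original bytes in val_zval */`. The restore described in the commit message is not in this file, so it presumably lives in decrypt_zval, which this page does not show. Separately, the new early-return guard reads `*val` before `r == SUCCESS` is tested, whereas the removed condition tested `r` first; unless every save handler leaves `*val` defined on failure, `if (r != SUCCESS || NULL == val || NULL == *val || 0 == ZSTR_LEN(*val)) {` keeps the old ordering. sp_hook_s_read starts and ends outside the hunk.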