From d4e010846d9d8db8bf6e1fec9a2c39ed762e257d Mon Sep 17 00:00:00 2001
From: Christian Göttsche
Date: Wed, 25 Jun 2025 11:43:58 +0200
Subject: Do not crash on no cookie hash key

Do not dereference the hash key for cookie encryption if it's NULL:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 zend_string_equal_content (s1=0x79bdb92170f0, s2=0x0) at /usr/include/php/20240924/Zend/zend_string.h:386
No locals.
#1 zend_string_equals (s1=0x79bdb92170f0, s2=0x0) at /usr/include/php/20240924/Zend/zend_string.h:391
No locals.
#2 sp_match_value (value=0x0, to_match=0x79bdb92170f0, rx=0x0) at ./src/sp_utils.c:273
No locals.
#3 0x00007989377b0709 in sp_lookup_cookie_config (key=0x0) at ./src/sp_cookie_encryption.c:8
config = 0x79bdb92158d0 it = 0x79ae80dabd00 it = config =
#4 decrypt_cookie (pDest=0x79893b6787c0, num_args=, args=, hash_key=0x7ffe657c3880) at ./src/sp_cookie_encryption.c:19
cookie =
#5 0x000061875aac52df in zend_hash_apply_with_arguments ()
No symbol table info available.
#6 0x00007989377ae74b in zm_activate_snuffleupagus (type=, module_number=) at ./src/snuffleupagus.c:228
config_wrapper = 0x7989377c3490
#7 0x000061875aa21710 in zend_activate_modules ()
No symbol table info available.
#8 0x000061875a9a7f18 in php_request_startup ()
No symbol table info available.
---
 src/sp_cookie_encryption.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index 8b24a9c..c833f94 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -16,7 +16,15 @@ static inline const sp_cookie *sp_lookup_cookie_config(const zend_string *key) {
 /* called at RINIT time with each cookie, eventually decrypt said cookie */
 int decrypt_cookie(zval *pDest, int num_args, va_list args, zend_hash_key *hash_key) {
- const sp_cookie *cookie = sp_lookup_cookie_config(hash_key->key);
+ const zend_string *key = hash_key->key;
+ const sp_cookie *cookie;
+
+ /* If there is no key, it shouldn't be encrypted. */
+ if (!key) {
+ return ZEND_HASH_APPLY_KEEP;
+ }
+
+ cookie = sp_lookup_cookie_config(key);
 /* If the cookie isn't in the conf, it shouldn't be encrypted. */
 if (!cookie || !cookie->encrypt) {
-- cgit v1.3
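Review bot: The new early return in decrypt_cookie() silently skips every entry whose `hash_key->key` is NULL, and the comment `/* If there is no key, it shouldn't be encrypted. */` does not say when that happens or why skipping is safe. Presumably these are entries stored under an integer index (for example a cookie with a purely numeric name), in which case a configured rule whose name or regex would match such a name is never applied to them; that is worth confirming against the intended policy. I would at least reword the comment to `/* Integer-indexed entries have no string key to match against the cookie rules; leave them untouched. */`, and if such cookies are meant to be covered, build the lookup name from `hash_key->h` instead of returning early. The body of decrypt_cookie() continues past the end of the hunk.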