Skip to content

Commit e36691b

Browse files
devnexendevnexen
committed
Using random token
1 parent 612e3ba commit e36691b

File tree

2 files changed

+34
-7
lines changed

2 files changed

+34
-7
lines changed

ext/session/php_session.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -208,6 +208,7 @@ typedef struct _php_ps_globals {
208208
#if defined(HAVE_OPENSSL_EXT)
209209
bool ssl_encrypt; /* encrypt the session data */
210210
zend_string *ssl_iv;
211+
zend_string *ssl_pw_tok;
211212
char *ssl_tag;
212213
char *ssl_method;
213214
zend_long ssl_method_len;

ext/session/session.c

Lines changed: 33 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,7 @@ zend_class_entry *php_session_id_iface_entry;
7474
zend_class_entry *php_session_update_timestamp_iface_entry;
7575

7676
#define PS_MAX_SID_LENGTH 256
77+
#define PW_TOK_LEN 32
7778

7879
/* ***********
7980
* Helpers *
@@ -118,6 +119,7 @@ static inline void php_rinit_session_globals(void) /* {{{ */
118119
PS(module_number) = my_module_number;
119120
#if defined(HAVE_OPENSSL_EXT)
120121
PS(ssl_iv) = NULL;
122+
PS(ssl_pw_tok) = NULL;
121123
#endif
122124
ZVAL_UNDEF(&PS(http_session_vars));
123125
}
@@ -151,6 +153,11 @@ static inline void php_rshutdown_session_globals(void) /* {{{ */
151153
zend_string_release_ex(PS(ssl_iv), 0);
152154
PS(ssl_iv) = NULL;
153155
}
156+
157+
if (PS(ssl_pw_tok)) {
158+
zend_string_release_ex(PS(ssl_pw_tok), 0);
159+
PS(ssl_pw_tok) = NULL;
160+
}
154161
#endif
155162

156163
/* User save handlers may end up directly here by misuse, bugs in user script, etc. */
@@ -480,8 +487,9 @@ static int php_session_initialize(void) /* {{{ */
480487
PS(ssl_encrypt) = 0;
481488
} else {
482489
zend_string *iv;
490+
zend_string *pw_tok;
483491
zend_long iv_len;
484-
zend_long ssl_tag_len = strlen(PS(ssl_tag));
492+
zend_long ssl_tag_len = PS(ssl_tag) ? strlen(PS(ssl_tag)) : 0;
485493

486494
if (PS(ssl_iv))
487495
zend_string_release_ex(PS(ssl_iv), 0);
@@ -496,14 +504,19 @@ static int php_session_initialize(void) /* {{{ */
496504
return FAILURE;
497505
}
498506

507+
if ((pw_tok = php_openssl_random_pseudo_bytes(PW_TOK_LEN)) == NULL) {
508+
php_error_docref(NULL, E_ERROR, "session token data failure");
509+
return FAILURE;
510+
}
511+
499512
if (!ssl_tag_len)
500513
PS(ssl_tag) = NULL;
501514
PS(ssl_tag_len) = ssl_tag_len;
502515

503-
ZSTR_VAL(iv)[iv_len] = 0;
504516
PS(ssl_method_len) = ssl_method_len;
505517
PS(ssl_iv) = iv;
506518
PS(ssl_iv_len) = iv_len;
519+
PS(ssl_pw_tok) = pw_tok;
507520
}
508521
}
509522
#endif
@@ -874,7 +887,6 @@ PHP_INI_BEGIN()
874887
STD_PHP_INI_ENTRY("session.ssl_tag", "", PHP_INI_ALL, OnUpdateSessionString, ssl_tag, php_ps_globals, ps_globals)
875888
#endif
876889

877-
/* Commented out until future discussion */
878890

879891
/* Upload progress */
880892
STD_PHP_INI_BOOLEAN("session.upload_progress.enabled",
@@ -888,9 +900,10 @@ PHP_INI_BEGIN()
888900
STD_PHP_INI_ENTRY("session.upload_progress.freq", "1%", ZEND_INI_PERDIR, OnUpdateRfc1867Freq, rfc1867_freq, php_ps_globals, ps_globals)
889901
STD_PHP_INI_ENTRY("session.upload_progress.min_freq",
890902
"1", ZEND_INI_PERDIR, OnUpdateReal, rfc1867_min_freq,php_ps_globals, ps_globals)
903+
/* Commented out until future discussion */
891904
/* PHP_INI_ENTRY("session.encode_sources", "globals,track", PHP_INI_ALL, NULL) */
892905
PHP_INI_END()
893-
/* }}} */
906+
/* }}} */
894907

895908
/* ***************
896909
* Serializers *
@@ -913,7 +926,7 @@ static int php_session_encrypt(smart_str *buf) /* {{{ */
913926
}
914927

915928
if ((buffer = php_openssl_encrypt(ZSTR_VAL(buf->s), buf->a, PS(ssl_method), PS(ssl_method_len),
916-
ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)), 0, ZSTR_VAL(PS(ssl_iv)), PS(ssl_iv_len),
929+
ZSTR_VAL(PS(ssl_pw_tok)), PW_TOK_LEN, 0, ZSTR_VAL(PS(ssl_iv)), PS(ssl_iv_len),
917930
ztag, PS(ssl_tag_len), NULL, 0)) == NULL) {
918931
php_error_docref(NULL, E_WARNING, "Cannot encrypt the session data with method '%s', tag '%s'",
919932
PS(ssl_method), PS(ssl_tag));
@@ -939,7 +952,7 @@ static zend_string *php_session_decrypt(PS_SERIALIZER_DECODE_ARGS) /* {{{ */
939952
return NULL;
940953

941954
if ((buffer = php_openssl_decrypt((char *)val, vallen, PS(ssl_method), PS(ssl_method_len),
942-
ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)), 0, ZSTR_VAL(PS(ssl_iv)), PS(ssl_iv_len),
955+
ZSTR_VAL(PS(ssl_pw_tok)), PW_TOK_LEN, 0, ZSTR_VAL(PS(ssl_iv)), PS(ssl_iv_len),
943956
PS(ssl_tag), PS(ssl_tag_len), NULL, 0)) == NULL) {
944957
php_error_docref(NULL, E_WARNING, "Cannot decrypt the session data with method '%s'",
945958
PS(ssl_method));
@@ -1010,7 +1023,7 @@ PS_SERIALIZER_DECODE_FUNC(php_serialize) /* {{{ */
10101023

10111024
return result || !vallen ? SUCCESS : FAILURE;
10121025
}
1013-
/* }}} */
1026+
/* }}} */
10141027

10151028
#define PS_BIN_NR_OF_BITS 8
10161029
#define PS_BIN_UNDEF (1<<(PS_BIN_NR_OF_BITS-1))
@@ -2411,6 +2424,19 @@ PHP_FUNCTION(session_regenerate_id)
24112424
}
24122425
zend_string_release_ex(PS(id), 0);
24132426
PS(id) = NULL;
2427+
#if defined(HAVE_OPENSSL_EXT)
2428+
if (PS(ssl_pw_tok)) {
2429+
zend_string_release_ex(PS(ssl_pw_tok), 0);
2430+
PS(ssl_pw_tok) = NULL;
2431+
}
2432+
2433+
PS(ssl_pw_tok) = php_openssl_random_pseudo_bytes(PW_TOK_LEN);
2434+
if (!PS(ssl_pw_tok)) {
2435+
PS(session_status) = php_session_none;
2436+
zend_throw_error(NULL, "Failed to create new session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
2437+
RETURN_FALSE;
2438+
}
2439+
#endif
24142440

24152441
if (PS(mod)->s_open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE) {
24162442
PS(session_status) = php_session_none;

0 commit comments

Comments
 (0)