Using random token

devnexen · devnexen · commit a658ded0a7f0 · 2022-05-19T20:11:31.000+01:00
diff --git a/ext/session/php_session.h b/ext/session/php_session.h
@@ -208,6 +208,7 @@ typedef struct _php_ps_globals {
 #if defined(HAVE_OPENSSL_EXT)
 	bool ssl_encrypt; /* encrypt the session data */
 	zend_string *ssl_iv;
+	zend_string *ssl_pw_tok;
 	char *ssl_tag;
 	char *ssl_method;
 	zend_long ssl_method_len;
diff --git a/ext/session/session.c b/ext/session/session.c
@@ -74,6 +74,7 @@ zend_class_entry *php_session_id_iface_entry;
 zend_class_entry *php_session_update_timestamp_iface_entry;
 
 #define PS_MAX_SID_LENGTH 256
+#define PW_TOK_LEN 32
 
 /* ***********
    * Helpers *
@@ -118,6 +119,7 @@ static inline void php_rinit_session_globals(void) /* {{{ */
 	PS(module_number) = my_module_number;
 #if defined(HAVE_OPENSSL_EXT)
 	PS(ssl_iv) = NULL;
+	PS(ssl_pw_tok) = NULL;
 #endif
 	ZVAL_UNDEF(&PS(http_session_vars));
 }
@@ -151,6 +153,11 @@ static inline void php_rshutdown_session_globals(void) /* {{{ */
 		zend_string_release_ex(PS(ssl_iv), 0);
 		PS(ssl_iv) = NULL;
 	}
+
+	if (PS(ssl_pw_tok)) {
+		zend_string_release_ex(PS(ssl_pw_tok), 0);
+		PS(ssl_pw_tok) = NULL;
+	}
 #endif
 
 	/* User save handlers may end up directly here by misuse, bugs in user script, etc. */
@@ -480,8 +487,9 @@ static int php_session_initialize(void) /* {{{ */
 			PS(ssl_encrypt) = 0;
 		} else {
 			zend_string *iv;
+			zend_string *pw_tok;
 			zend_long iv_len;
-			zend_long ssl_tag_len = strlen(PS(ssl_tag));
+			zend_long ssl_tag_len = PS(ssl_tag) ? strlen(PS(ssl_tag)) : 0;
 
 			if (PS(ssl_iv))
 				zend_string_release_ex(PS(ssl_iv), 0);
@@ -496,14 +504,19 @@ static int php_session_initialize(void) /* {{{ */
 				return FAILURE;
 			}
 
+			if ((pw_tok = php_openssl_random_pseudo_bytes(PW_TOK_LEN)) == NULL) {
+				php_error_docref(NULL, E_ERROR, "session token data failure");
+				return FAILURE;
+			}
+
 			if (!ssl_tag_len)
 				PS(ssl_tag) = NULL;
 			PS(ssl_tag_len) = ssl_tag_len;
 
-			ZSTR_VAL(iv)[iv_len] = 0;
 			PS(ssl_method_len) = ssl_method_len;
 			PS(ssl_iv) = iv;
 			PS(ssl_iv_len) = iv_len;
+			PS(ssl_pw_tok) = pw_tok;
 		}
 	}
 #endif
@@ -874,7 +887,6 @@ PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("session.ssl_tag",            "",          PHP_INI_ALL, OnUpdateSessionString,      ssl_tag,           php_ps_globals,    ps_globals)
 #endif
 
-	/* Commented out until future discussion */
 
 	/* Upload progress */
 	STD_PHP_INI_BOOLEAN("session.upload_progress.enabled",
@@ -888,9 +900,10 @@ PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("session.upload_progress.freq",  "1%", ZEND_INI_PERDIR, OnUpdateRfc1867Freq, rfc1867_freq,    php_ps_globals, ps_globals)
 	STD_PHP_INI_ENTRY("session.upload_progress.min_freq",
 	                                                   "1",  ZEND_INI_PERDIR, OnUpdateReal,        rfc1867_min_freq,php_ps_globals, ps_globals)
+	/* Commented out until future discussion */
 	/* PHP_INI_ENTRY("session.encode_sources", "globals,track", PHP_INI_ALL, NULL) */
 PHP_INI_END()
-/* }}} */  
+/* }}} */
 
 /* ***************
    * Serializers *
@@ -913,15 +926,14 @@ static int php_session_encrypt(smart_str *buf) /* {{{ */
 	}
 
 	if ((buffer = php_openssl_encrypt(ZSTR_VAL(buf->s), buf->a, PS(ssl_method), PS(ssl_method_len),
-					ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)), 0, ZSTR_VAL(PS(ssl_iv)), PS(ssl_iv_len),
+					ZSTR_VAL(PS(ssl_pw_tok)), PW_TOK_LEN, 0, ZSTR_VAL(PS(ssl_iv)), PS(ssl_iv_len),
 					ztag, PS(ssl_tag_len), NULL, 0)) == NULL) {
 		php_error_docref(NULL, E_WARNING, "Cannot encrypt the session data with method '%s', tag '%s'",
 						PS(ssl_method), PS(ssl_tag));
 		efree(ztag);
 		return FAILURE;
 	} 
 
-	smart_str_free(buf);
 	res.s = zend_string_dup(buffer, 0);
 	res.a = ZSTR_LEN(buffer);
 	*buf = res;
@@ -939,7 +951,7 @@ static zend_string *php_session_decrypt(PS_SERIALIZER_DECODE_ARGS) /* {{{ */
 		return NULL;
 
 	if ((buffer = php_openssl_decrypt((char *)val, vallen, PS(ssl_method), PS(ssl_method_len),
-					ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)), 0, ZSTR_VAL(PS(ssl_iv)), PS(ssl_iv_len),
+					ZSTR_VAL(PS(ssl_pw_tok)), PW_TOK_LEN, 0, ZSTR_VAL(PS(ssl_iv)), PS(ssl_iv_len),
 					PS(ssl_tag), PS(ssl_tag_len), NULL, 0)) == NULL) {
 		php_error_docref(NULL, E_WARNING, "Cannot decrypt the session data with method '%s'",
 						PS(ssl_method));
@@ -1010,7 +1022,7 @@ PS_SERIALIZER_DECODE_FUNC(php_serialize) /* {{{ */
 
 	return result || !vallen ? SUCCESS : FAILURE;
 }
-/* }}} */ 
+/* }}} */
 
 #define PS_BIN_NR_OF_BITS 8
 #define PS_BIN_UNDEF (1<<(PS_BIN_NR_OF_BITS-1))
@@ -2411,6 +2423,19 @@ PHP_FUNCTION(session_regenerate_id)
 	}
 	zend_string_release_ex(PS(id), 0);
 	PS(id) = NULL;
+#if defined(HAVE_OPENSSL_EXT)
+    if (PS(ssl_pw_tok)) {
+        zend_string_release_ex(PS(ssl_pw_tok), 0);
+        PS(ssl_pw_tok) = NULL;
+    }
+
+	PS(ssl_pw_tok) = php_openssl_random_pseudo_bytes(PW_TOK_LEN);
+	if (!PS(ssl_pw_tok)) {
+		PS(session_status) = php_session_none;
+		zend_throw_error(NULL, "Failed to create new session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
+		RETURN_FALSE;
+	}
+#endif
 
 	if (PS(mod)->s_open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE) {
 		PS(session_status) = php_session_none;
