@@ -40,28 +40,20 @@ static int (*orig_header_handler)(sapi_header_struct *sapi_header, sapi_headers_
4040
4141char * suhosin_encrypt_single_cookie (char * name , int name_len , char * value , int value_len , char * key TSRMLS_DC )
4242{
43- char buffer [4096 ];
44- char buffer2 [4096 ];
45- char * buf = buffer , * buf2 = buffer2 , * d , * d_url ;
46- int l ;
47-
48- if (name_len > sizeof (buffer )- 2 ) {
49- buf = estrndup (name , name_len );
50- } else {
51- memcpy (buf , name , name_len );
52- buf [name_len ] = 0 ;
53- }
43+ char * buf , * buf2 , * d , * d_url ;
44+ int l ;
45+
46+ buf = estrndup (name , name_len );
47+
5448
5549 name_len = php_url_decode (buf , name_len );
56- normalize_varname (buf );
57- name_len = strlen (buf );
50+ normalize_varname (buf );
51+ name_len = strlen (buf );
5852
5953 if (SUHOSIN_G (cookie_plainlist )) {
6054 if (zend_hash_exists (SUHOSIN_G (cookie_plainlist ), buf , name_len + 1 )) {
6155encrypt_return_plain :
62- if (buf != buffer ) {
63- efree (buf );
64- }
56+ efree (buf );
6557 return estrndup (value , value_len );
6658 }
6759 } else if (SUHOSIN_G (cookie_cryptlist )) {
@@ -70,52 +62,34 @@ char *suhosin_encrypt_single_cookie(char *name, int name_len, char *value, int v
7062 }
7163 }
7264
73- if (strlen (value ) <= sizeof (buffer2 )- 2 ) {
74- memcpy (buf2 , value , value_len );
75- buf2 [value_len ] = 0 ;
76- } else {
77- buf2 = estrndup (value , value_len );
78- }
65+ buf2 = estrndup (value , value_len );
7966
8067 value_len = php_url_decode (buf2 , value_len );
8168
8269 d = suhosin_encrypt_string (buf2 , value_len , buf , name_len , key TSRMLS_CC );
8370 d_url = php_url_encode (d , strlen (d ), & l );
8471 efree (d );
85- if (buf != buffer ) {
86- efree (buf );
87- }
88- if (buf2 != buffer2 ) {
89- efree (buf2 );
90- }
72+ efree (buf );
73+ efree (buf2 );
9174 return d_url ;
9275}
9376
9477char * suhosin_decrypt_single_cookie (char * name , int name_len , char * value , int value_len , char * key , char * * where TSRMLS_DC )
9578{
96- char buffer [4096 ];
97- char buffer2 [4096 ];
9879 int o_name_len = name_len ;
99- char * buf = buffer , * buf2 = buffer2 , * d , * d_url ;
80+ char * buf , * buf2 , * d , * d_url ;
10081 int l ;
10182
102- if (name_len > sizeof (buffer )- 2 ) {
103- buf = estrndup (name , name_len );
104- } else {
105- memcpy (buf , name , name_len );
106- buf [name_len ] = 0 ;
107- }
108-
83+ buf = estrndup (name , name_len );
84+
10985 name_len = php_url_decode (buf , name_len );
110- normalize_varname (buf );
111- name_len = strlen (buf );
86+ normalize_varname (buf );
87+ name_len = strlen (buf );
11288
11389 if (SUHOSIN_G (cookie_plainlist )) {
11490 if (zend_hash_exists (SUHOSIN_G (cookie_plainlist ), buf , name_len + 1 )) {
11591decrypt_return_plain :
116- if (buf != buffer ) {
117- efree (buf );
118- }
92+ efree (buf );
11993 memcpy (* where , name , o_name_len );
12094 * where += o_name_len ;
12195 * * where = '=' ; * where += 1 ;
@@ -130,12 +104,7 @@ char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int v
130104 }
131105
132106
133- if (strlen (value ) <= sizeof (buffer2 )- 2 ) {
134- memcpy (buf2 , value , value_len );
135- buf2 [value_len ] = 0 ;
136- } else {
137- buf2 = estrndup (value , value_len );
138- }
107+ buf2 = estrndup (value , value_len );
139108
140109 value_len = php_url_decode (buf2 , value_len );
141110
@@ -152,12 +121,8 @@ char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int v
152121 * where += l ;
153122 efree (d_url );
154123skip_cookie :
155- if (buf != buffer ) {
156- efree (buf );
157- }
158- if (buf2 != buffer2 ) {
159- efree (buf2 );
160- }
124+ efree (buf );
125+ efree (buf2 );
161126 return * where ;
162127}
163128
0 commit comments