authorScott <scott@paragonie.com>2016-01-28 11:43:29 -0500
committerScott <scott@paragonie.com>2016-01-28 11:43:29 -0500
commit144415fe86991730ac53e727abf3701b60295607 (patch)
treef7dafb35ad234172595985c631df774ca8308313
parent1f0018fd968b41bda5a53bdec21a09880e645c6e (diff)
Proposed fix for open_basedir madness
-rw-r--r--ERRATA.md2
-rw-r--r--lib/random.php60
2 files changed, 47 insertions, 15 deletions
diff --git a/ERRATA.md b/ERRATA.md
index 9c0ef9f..4990273 100644
--- a/ERRATA.md
+++ b/ERRATA.md
@@ -6,7 +6,7 @@ The order is:
1. `libsodium if available`
2. `fread() /dev/urandom if available`
- 3. `mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)`
+ 3. `mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)`
4. `COM('CAPICOM.Utilities.1')->GetRandom()`
5. `openssl_random_pseudo_bytes()`
diff --git a/lib/random.php b/lib/random.php
index 4b0d262..81ac023 100644
--- a/lib/random.php
+++ b/lib/random.php
@@ -50,7 +50,7 @@ if (PHP_VERSION_ID < 70000) {
* In order of preference:
* 1. Use libsodium if available.
* 2. fread() /dev/urandom if available (never on Windows)
- * 3. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
+ * 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
* 4. COM('CAPICOM.Utilities.1')->GetRandom()
* 5. openssl_random_pseudo_bytes() (absolute last resort)
*
@@ -64,23 +64,47 @@ if (PHP_VERSION_ID < 70000) {
require_once $RandomCompatDIR.'/random_bytes_libsodium_legacy.php';
}
}
- if (
- !function_exists('random_bytes') &&
- DIRECTORY_SEPARATOR === '/' &&
- @is_readable('/dev/urandom')
- ) {
+ /**
+ * Reading directly from /dev/urandom:
+ */
+ if (DIRECTORY_SEPARATOR === '/') {
// DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
// way to exclude Windows.
- //
- // Error suppression on is_readable() in case of an open_basedir or
- // safe_mode failure. All we care about is whether or not we can
- // read it at this point. If the PHP environment is going to panic
- // over trying to see if the file can be read in the first place,
- // that is not helpful to us here.
-
- // See random_bytes_dev_urandom.php
+ $RandomCompatUrandom = true;
+ $RandomCompat_basedir = ini_get('open_basedir');
+ if (!empty($RandomCompat_basedir)) {
+ $RandomCompat_open_basedir = explode(
+ PATH_SEPARATOR,
+ strtolower($RandomCompat_basedir)
+ );
+ $RandomCompatUrandom = in_array(
+ '/dev',
+ $RandomCompat_open_basedir
+ );
+ $RandomCompat_open_basedir = null;
+ }
+ if (
+ !function_exists('random_bytes') &&
+ $RandomCompatUrandom &&
+ @is_readable('/dev/urandom')
+ ) {
+ // Error suppression on is_readable() in case of an open_basedir
+ // or safe_mode failure. All we care about is whether or not we
+ // can read it at this point. If the PHP environment is going to
+ // panic over trying to see if the file can be read in the first
+ // place, that is not helpful to us here.
+
+ // See random_bytes_dev_urandom.php
require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php';
}
+ // Unset variables after use
+ $RandomCompatUrandom = null;
+ $RandomCompat_basedir = null;
+ }
+
+ /**
+ * mcrypt_create_iv()
+ */
if (
!function_exists('random_bytes') &&
PHP_VERSION_ID >= 50307 &&
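Review bot: The `in_array('/dev', $RandomCompat_open_basedir)` test matches only an entry spelled exactly `/dev`, so an open_basedir that appears to permit the device through `/dev/`, `/dev/urandom` or `/` turns the /dev/urandom reader off. The loader then falls through to the lower-preference sources, ending at openssl_random_pseudo_bytes(), which this file's own header calls the absolute last resort. The `strtolower()` on the setting also lets a differently cased entry such as `/DEV` pass, although paths are case-sensitive on Unix-like systems. I would normalise each entry and compare strictly against the spellings that cover the device, as sketched below; the existing `@is_readable()` still guards the actual read. The `if (` that closes this hunk continues outside it.

```php
    if (!empty($RandomCompat_basedir)) {
        // Compare entries as configured: Unix paths are case-sensitive.
        $RandomCompatUrandom = false;
        foreach (explode(PATH_SEPARATOR, $RandomCompat_basedir) as $RandomCompat_entry) {
            if ($RandomCompat_entry !== '/') {
                // Treat "/dev/" and "/dev" as the same entry.
                $RandomCompat_entry = rtrim($RandomCompat_entry, '/');
            }
            if (in_array($RandomCompat_entry, array('/', '/dev', '/dev/urandom'), true)) {
                $RandomCompatUrandom = true;
                break;
            }
        }
        $RandomCompat_entry = null;
    }
    // … unchanged: function_exists() / @is_readable() guard and require_once …
```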
@@ -113,6 +137,10 @@ if (PHP_VERSION_ID < 70000) {
$RandomCompat_disabled_classes = null;
$RandomCompatCOMtest = null;
}
+
+ /**
+ * openssl_random_pseudo_bytes()
+ */
if (
!function_exists('random_bytes') &&
extension_loaded('openssl') &&
@@ -129,6 +157,10 @@ if (PHP_VERSION_ID < 70000) {
// See random_bytes_openssl.php
require_once $RandomCompatDIR.'/random_bytes_openssl.php';
}
+
+ /**
+ * throw new Exception
+ */
if (!function_exists('random_bytes')) {
/**
* We don't have any more options, so let's throw an exception right now