Fixed random generation of cookies and canaries

2024-09-21 18:07:23 +00:00 · 2006-12-18 11:39:19 +00:00 · 2006-12-18 11:39:19 +00:00 · 1763dc162d
commit 1763dc162d
parent 5fc3e649b6
3 changed files with 68 additions and 25 deletions
--- a/5
+++ b/5
@ -1,10 +1,13 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-14 Dec 2006, PHP 5.2.1RC1
+?? Dec 2006, PHP 5.2.1RC2
 - Added internal heap protection (Dmitry)
  . safe unlinking
  . cookies
  . canary protection (debug build only)
+  . random generation of cookies and canaries
+
+14 Dec 2006, PHP 5.2.1RC1
 - Added a meta tag to phpinfo() output to prevent search engines from indexing 
  the page. (Ilia)
 - Added new function, sys_get_temp_dir(). (Hartmut)
--- a/Zend/Zend.m4
+++ b/Zend/Zend.m4
@ -404,3 +404,10 @@ AC_DEFUN([LIBZEND_CPLUSPLUS_CHECKS],[

 ])

+AC_MSG_CHECKING(whether /dev/urandom exists) 
+if test -r "/dev/urandom" && test -c "/dev/urandom"; then 
+  AC_DEFINE([HAVE_DEV_URANDOM], 1, [Define if the target system has /dev/urandom device])
+  AC_MSG_RESULT(yes) 
+else 
+  AC_MSG_RESULT(no) 
+fi 
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@ -32,6 +32,13 @@
 # include <unistd.h>
 #endif

+#ifdef ZEND_WIN32
+# define _WIN32_WINNT 0x0400
+# include <wincrypt.h>
+# include <process.h>
+#endif
+
+
 #ifndef ZEND_USE_MALLOC_MM
 # define ZEND_USE_MALLOC_MM ZEND_DEBUG
 #endif
@ -712,6 +719,53 @@ static void zend_mm_free_cache(zend_mm_heap *heap)
 }
 #endif

+static void zend_mm_random(unsigned char *buf, size_t size)
+{
+	size_t i = 0;
+	unsigned char t;
+
+#ifdef ZEND_WIN32
+	HCRYPTPROV   hCryptProv;
+
+	if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+		do {
+			BOOL ret = CryptGenRandom(hCryptProv, size, buf);
+			CryptReleaseContext(hCryptProv, 0);
+			if (ret) {
+				while (i < size && buf[i] != 0) {
+					i++;
+				}
+				if (i == size) {
+				    return;
+				}
+		   }
+		} while (0);
+	}
+#elif defined(HAVE_DEV_URANDOM)
+	int fd = open("/dev/urandom", 0);
+
+	if (fd >= 0) {
+		if (read(fd, buf, size) == size) {
+			while (i < size && buf[i] != 0) {
+				i++;
+			}
+			if (i == size) {
+				close(fd);
+			    return;
+			}
+		}
+		close(fd);
+	}
+#endif
+	t = (unsigned char)getpid();
+	while (i < size) {
+		do {
+			buf[i] = ((unsigned char)rand()) ^ t;
+		} while (buf[i] == 0);
+		t = buf[i++] << 1;
+    }
+}
+
 /* Notes:
 * - This function may alter the block_sizes values to match platform alignment
 * - This function does *not* perform sanity checks on the arguments
@ -741,36 +795,15 @@ ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers,

 #if ZEND_MM_HEAP_PROTECTION
 	if (_mem_block_start_magic == 0) {
-		int r;
-		do {
-			r = rand();
-		} while (!(r&0xff000000) ||
-		         !(r&0x00ff0000) ||
-		         !(r&0x0000ff00) ||
-		         !(r&0x000000ff));
-		_mem_block_start_magic = r;
+		zend_mm_random((unsigned char*)&_mem_block_start_magic, sizeof(_mem_block_start_magic));
 	}
 	if (_mem_block_end_magic == 0) {
-		int r;
-		do {
-			r = rand();
-		} while (!(r&0xff000000) ||
-		         !(r&0x00ff0000) ||
-		         !(r&0x0000ff00) ||
-		         !(r&0x000000ff));
-		_mem_block_end_magic = r;
+		zend_mm_random((unsigned char*)&_mem_block_end_magic, sizeof(_mem_block_end_magic));
 	}
 #endif
 #if ZEND_MM_COOKIES
 	if (_zend_mm_cookie == 0) {
-		int r;
-		do {
-			r = rand();
-		} while (!(r&0xff000000) ||
-		         !(r&0x00ff0000) ||
-		         !(r&0x0000ff00) ||
-		         !(r&0x000000ff));
-		_zend_mm_cookie = r;
+		zend_mm_random((unsigned char*)&_zend_mm_cookie, sizeof(_zend_mm_cookie));
 	}
 #endif