dmitry Mon Dec 18 11:39:34 2006 UTC
Modified files:
/ZendEngine2 Zend.m4 zend_alloc.c
Log:
Fixed random generation of cookies and canaries
http://cvs.php.net/viewvc.cgi/ZendEngine2/Zend.m4?r1=1.62&r2=1.63&diff_format=u
Index: ZendEngine2/Zend.m4
diff -u ZendEngine2/Zend.m4:1.62 ZendEngine2/Zend.m4:1.63
--- ZendEngine2/Zend.m4:1.62 Thu Sep 14 09:59:23 2006
+++ ZendEngine2/Zend.m4 Mon Dec 18 11:39:34 2006
@@ -1,5 +1,5 @@
dnl
-dnl $Id: Zend.m4,v 1.62 2006/09/14 09:59:23 dmitry Exp $
+dnl $Id: Zend.m4,v 1.63 2006/12/18 11:39:34 dmitry Exp $
dnl
dnl This file contains Zend specific autoconf functions.
dnl
@@ -390,3 +390,10 @@
])
+AC_MSG_CHECKING(whether /dev/urandom exists)
+if test -r "/dev/urandom" && test -c "/dev/urandom"; then
+ AC_DEFINE([HAVE_DEV_URANDOM], 1, [Define if the target system has
/dev/urandom device])
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.176&r2=1.177&diff_format=u
Index: ZendEngine2/zend_alloc.c
diff -u ZendEngine2/zend_alloc.c:1.176 ZendEngine2/zend_alloc.c:1.177
--- ZendEngine2/zend_alloc.c:1.176 Fri Dec 15 22:47:09 2006
+++ ZendEngine2/zend_alloc.c Mon Dec 18 11:39:34 2006
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: zend_alloc.c,v 1.176 2006/12/15 22:47:09 andrei Exp $ */
+/* $Id: zend_alloc.c,v 1.177 2006/12/18 11:39:34 dmitry Exp $ */
#include "zend.h"
#include "zend_alloc.h"
@@ -32,6 +32,13 @@
# include <unistd.h>
#endif
+#ifdef ZEND_WIN32
+# define _WIN32_WINNT 0x0400
+# include <wincrypt.h>
+# include <process.h>
+#endif
+
+
#ifndef ZEND_USE_MALLOC_MM
# define ZEND_USE_MALLOC_MM ZEND_DEBUG
#endif
@@ -712,6 +719,53 @@
}
#endif
+static void zend_mm_random(unsigned char *buf, size_t size)
+{
+ size_t i = 0;
+ unsigned char t;
+
+#ifdef ZEND_WIN32
+ HCRYPTPROV hCryptProv;
+
+ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+ do {
+ BOOL ret = CryptGenRandom(hCryptProv, size, buf);
+ CryptReleaseContext(hCryptProv, 0);
+ if (ret) {
+ while (i < size && buf[i] != 0) {
+ i++;
+ }
+ if (i == size) {
+ return;
+ }
+ }
+ } while (0);
+ }
+#elif defined(HAVE_DEV_URANDOM)
+ int fd = open("/dev/urandom", 0);
+
+ if (fd >= 0) {
+ if (read(fd, buf, size) == size) {
+ while (i < size && buf[i] != 0) {
+ i++;
+ }
+ if (i == size) {
+ close(fd);
+ return;
+ }
+ }
+ close(fd);
+ }
+#endif
+ t = (unsigned char)getpid();
+ while (i < size) {
+ do {
+ buf[i] = ((unsigned char)rand()) ^ t;
+ } while (buf[i] == 0);
+ t = buf[i++] << 1;
+ }
+}
+
/* Notes:
* - This function may alter the block_sizes values to match platform alignment
* - This function does *not* perform sanity checks on the arguments
@@ -739,36 +793,15 @@
#if ZEND_MM_HEAP_PROTECTION
if (_mem_block_start_magic == 0) {
- int r;
- do {
- r = rand();
- } while (!(r&0xff000000) ||
- !(r&0x00ff0000) ||
- !(r&0x0000ff00) ||
- !(r&0x000000ff));
- _mem_block_start_magic = r;
+ zend_mm_random((unsigned char*)&_mem_block_start_magic,
sizeof(_mem_block_start_magic));
}
if (_mem_block_end_magic == 0) {
- int r;
- do {
- r = rand();
- } while (!(r&0xff000000) ||
- !(r&0x00ff0000) ||
- !(r&0x0000ff00) ||
- !(r&0x000000ff));
- _mem_block_end_magic = r;
+ zend_mm_random((unsigned char*)&_mem_block_end_magic,
sizeof(_mem_block_end_magic));
}
#endif
#if ZEND_MM_COOKIES
if (_zend_mm_cookie == 0) {
- int r;
- do {
- r = rand();
- } while (!(r&0xff000000) ||
- !(r&0x00ff0000) ||
- !(r&0x0000ff00) ||
- !(r&0x000000ff));
- _zend_mm_cookie = r;
+ zend_mm_random((unsigned char*)&_zend_mm_cookie,
sizeof(_zend_mm_cookie));
}
#endif
--
Zend Engine CVS Mailing List (http://cvs.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
|
