Fixed random generation of cookies and canaries

author Dmitry Stogov <dmitry@php.net>

Mon, 18 Dec 2006 11:39:19 +0000 (11:39 +0000)

committer Dmitry Stogov <dmitry@php.net>

Mon, 18 Dec 2006 11:39:19 +0000 (11:39 +0000)
author Dmitry Stogov <dmitry@php.net>
Mon, 18 Dec 2006 11:39:19 +0000 (11:39 +0000)
committer Dmitry Stogov <dmitry@php.net>
Mon, 18 Dec 2006 11:39:19 +0000 (11:39 +0000)
diff --git a/NEWS b/NEWS

index c99d88de082b0752c4a7667662bc3b7c2a365c94..c55fb9c1fc2085931bf16fedb977e75f72abd773 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,13 @@
  PHP                                                                        NEWS
  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-14 Dec 2006, PHP 5.2.1RC1
+?? Dec 2006, PHP 5.2.1RC2
  - Added internal heap protection (Dmitry)
    . safe unlinking
    . cookies
    . canary protection (debug build only)
+  . random generation of cookies and canaries
+
+14 Dec 2006, PHP 5.2.1RC1
  - Added a meta tag to phpinfo() output to prevent search engines from indexing 
    the page. (Ilia)
  - Added new function, sys_get_temp_dir(). (Hartmut)
diff --git a/Zend/Zend.m4 b/Zend/Zend.m4

index fb7b2e06b6d2d3c8c330908ca3fc7e80db497989..3ef1bc27275b3de1288945ce599a3ff14013b0cd 100644 (file)
--- a/Zend/Zend.m4
+++ b/Zend/Zend.m4
@@ -404,3 +404,10 @@ AC_DEFUN([LIBZEND_CPLUSPLUS_CHECKS],[
  
  ])
  
+AC_MSG_CHECKING(whether /dev/urandom exists) 
+if test -r "/dev/urandom" && test -c "/dev/urandom"; then 
+  AC_DEFINE([HAVE_DEV_URANDOM], 1, [Define if the target system has /dev/urandom device])
+  AC_MSG_RESULT(yes) 
+else 
+  AC_MSG_RESULT(no) 
+fi 
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c

index 23d57f4ee65723cde30ddd33f84ec6e89743eec1..d21e2cba2f80563ebf4ca7165b76e48f9508c863 100644 (file)
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -32,6 +32,13 @@
  # include <unistd.h>
  #endif
  
+#ifdef ZEND_WIN32
+# define _WIN32_WINNT 0x0400
+# include <wincrypt.h>
+# include <process.h>
+#endif
+
+
  #ifndef ZEND_USE_MALLOC_MM
  # define ZEND_USE_MALLOC_MM ZEND_DEBUG
  #endif
@@ -712,6 +719,53 @@ static void zend_mm_free_cache(zend_mm_heap *heap)
  }
  #endif
  
+static void zend_mm_random(unsigned char *buf, size_t size)
+{
+       size_t i = 0;
+       unsigned char t;
+
+#ifdef ZEND_WIN32
+       HCRYPTPROV   hCryptProv;
+
+       if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+               do {
+                       BOOL ret = CryptGenRandom(hCryptProv, size, buf);
+                       CryptReleaseContext(hCryptProv, 0);
+                       if (ret) {
+                               while (i < size && buf[i] != 0) {
+                                       i++;
+                               }
+                               if (i == size) {
+                                   return;
+                               }
+                  }
+               } while (0);
+       }
+#elif defined(HAVE_DEV_URANDOM)
+       int fd = open("/dev/urandom", 0);
+
+       if (fd >= 0) {
+               if (read(fd, buf, size) == size) {
+                       while (i < size && buf[i] != 0) {
+                               i++;
+                       }
+                       if (i == size) {
+                               close(fd);
+                           return;
+                       }
+               }
+               close(fd);
+       }
+#endif
+       t = (unsigned char)getpid();
+       while (i < size) {
+               do {
+                       buf[i] = ((unsigned char)rand()) ^ t;
+               } while (buf[i] == 0);
+               t = buf[i++] << 1;
+    }
+}
+
  /* Notes:
   * - This function may alter the block_sizes values to match platform alignment
   * - This function does *not* perform sanity checks on the arguments
@@ -741,36 +795,15 @@ ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers,
  
  #if ZEND_MM_HEAP_PROTECTION
         if (_mem_block_start_magic == 0) {
-               int r;
-               do {
-                       r = rand();
-               } while (!(r&0xff000000) ||
-                        !(r&0x00ff0000) ||
-                        !(r&0x0000ff00) ||
-                        !(r&0x000000ff));
-               _mem_block_start_magic = r;
+               zend_mm_random((unsigned char*)&_mem_block_start_magic, sizeof(_mem_block_start_magic));
         }
         if (_mem_block_end_magic == 0) {
-               int r;
-               do {
-                       r = rand();
-               } while (!(r&0xff000000) ||
-                        !(r&0x00ff0000) ||
-                        !(r&0x0000ff00) ||
-                        !(r&0x000000ff));
-               _mem_block_end_magic = r;
+               zend_mm_random((unsigned char*)&_mem_block_end_magic, sizeof(_mem_block_end_magic));
         }
  #endif
  #if ZEND_MM_COOKIES
         if (_zend_mm_cookie == 0) {
-               int r;
-               do {
-                       r = rand();
-               } while (!(r&0xff000000) ||
-                        !(r&0x00ff0000) ||
-                        !(r&0x0000ff00) ||
-                        !(r&0x000000ff));
-               _zend_mm_cookie = r;
+               zend_mm_random((unsigned char*)&_zend_mm_cookie, sizeof(_zend_mm_cookie));
         }
  #endif
author	Dmitry Stogov <dmitry@php.net>
	Mon, 18 Dec 2006 11:39:19 +0000 (11:39 +0000)
committer	Dmitry Stogov <dmitry@php.net>
	Mon, 18 Dec 2006 11:39:19 +0000 (11:39 +0000)
NEWS		patch \| blob \| history
Zend/Zend.m4		patch \| blob \| history
Zend/zend_alloc.c		patch \| blob \| history