MFB: Replace non-threadsafe rand() with php_rand_r()

diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index fe7028bda6a639b71b170d37873e9c6e89ae835a..701a1fccc6b9df02a3942344d39e45d45c917b24 100644 (file)
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -1039,7 +1039,8 @@ int php_mcrypt_iv(php_mcrypt_iv_source source, int size, char **iv_str, int *iv_
                case PHP_MCRYPT_IV_SOURCE_RAND:
                                *iv_len = size;
                                while (size) {
-                                       (*iv_str)[--size] = 255.0 * rand() / RAND_MAX;
+                                       unsigned int ctx;
+                                       (*iv_str)[--size] = 255.0 * php_rand_r(&ctx) / RAND_MAX;
                                }
                        break;
        }

diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 229fb52a218558fe0e4c9f9860ae99aceeaa57c5..ce15c277472bbafc35dd34b585617395aeff3a86 100644 (file)
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -462,9 +462,10 @@ try_again:
                                        char          HA1[33], HA2[33], response[33], cnonce[33], nc[9];
                                        PHP_MD5_CTX   md5ctx;
                                        unsigned char hash[16];
+                                       unsigned int ctx;
 
                                        PHP_MD5Init(&md5ctx);
-                                       sprintf(cnonce, "%d", rand());
+                                       sprintf(cnonce, "%d", php_rand_r(&ctx));
                                        PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
                                        PHP_MD5Final(hash, &md5ctx);
                                        make_digest(cnonce, hash);