Fixed bug #40999 (mcrypt_create_iv() not using random seed).

diff --git a/NEWS b/NEWS
index 187c82de751f065b4bd82672bd9629fa8917345f..53e63108770367e49ad849b47c960539e4f33515 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,7 @@ PHP                                                                        NEWS
 - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
 - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
+- Fixed bug #40999 (mcrypt_create_iv() not using random seed). (Ilia)
 - Fixed bug #40998 (long session array keys are truncated). (Tony)
 - Implement feature request #40947, allow a single filter as argument 
   for filter_var_array (Pierre)

diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index c5c8c5f0fc8b3ab4211d3c65e4c117eb3c1ba2d4..c83cdae03cca7f3df73d7738f7f5240576726229 100644 (file)
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -35,6 +35,7 @@
 #include "php_ini.h"
 #include "php_globals.h"
 #include "ext/standard/info.h"
+#include "ext/standard/php_rand.h"
 
 static int le_mcrypt;
 
@@ -1274,10 +1275,9 @@ PHP_FUNCTION(mcrypt_create_iv)
                        RETURN_FALSE;
                }
        } else {
-               unsigned int ctx;
                n = size;
                while (size) {
-                       iv[--size] = 255.0 * php_rand_r(&ctx) / RAND_MAX;
+                       iv[--size] = 255.0 * php_rand(TSRMLS_C) / RAND_MAX;
                }
        }
        RETURN_STRINGL(iv, n, 0);