From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 10 May 2007 21:05:14 +0000 (+0000)
Subject: Fixed random number generation for http auth mechanism in SOAP
X-Git-Tag: php-5.2.3RC1~120
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=51e0891f0ba5828233e418b8e04ea5d7b33482e8;p=php

Fixed random number generation for http auth mechanism in SOAP

# Identified by Stefan Esser
---

diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 0d27bb591b..b487772556 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -22,6 +22,7 @@
 #include "php_soap.h"
 #include "ext/standard/base64.h"
 #include "ext/standard/md5.h"
+#include "ext/standard/php_rand.h"
 
 static char *get_http_header_value(char *headers, char *type);
 static int get_http_body(php_stream *socketd, int close, char *headers,  char **response, int *out_size TSRMLS_DC);
@@ -469,10 +470,9 @@ try_again:
 					char          HA1[33], HA2[33], response[33], cnonce[33], nc[9];
 					PHP_MD5_CTX   md5ctx;
 					unsigned char hash[16];
-					unsigned int ctx;
 
 					PHP_MD5Init(&md5ctx);
-					snprintf(cnonce, sizeof(cnonce), "%d", php_rand_r(&ctx));
+					snprintf(cnonce, sizeof(cnonce), "%d", php_rand(TSRMLS_C));
 					PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
 					PHP_MD5Final(hash, &md5ctx);
 					make_digest(cnonce, hash);