From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 5 Apr 2007 01:48:56 +0000 (+0000)
Subject: Fixed bug #40999 (mcrypt_create_iv() not using random seed).
X-Git-Tag: php-5.2.2RC1~45
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ed0f0e4a677dcd068c8d42df4699d1896905bb75;p=php

Fixed bug #40999 (mcrypt_create_iv() not using random seed).
---

diff --git a/NEWS b/NEWS
index 187c82de75..53e6310877 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,7 @@ PHP                                                                        NEWS
 - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
 - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
+- Fixed bug #40999 (mcrypt_create_iv() not using random seed). (Ilia)
 - Fixed bug #40998 (long session array keys are truncated). (Tony)
 - Implement feature request #40947, allow a single filter as argument 
   for filter_var_array (Pierre)
diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index c5c8c5f0fc..c83cdae03c 100644
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -35,6 +35,7 @@
 #include "php_ini.h"
 #include "php_globals.h"
 #include "ext/standard/info.h"
+#include "ext/standard/php_rand.h"
 
 static int le_mcrypt;
 
@@ -1274,10 +1275,9 @@ PHP_FUNCTION(mcrypt_create_iv)
 			RETURN_FALSE;
 		}
 	} else {
-		unsigned int ctx;
 		n = size;
 		while (size) {
-			iv[--size] = 255.0 * php_rand_r(&ctx) / RAND_MAX;
+			iv[--size] = 255.0 * php_rand(TSRMLS_C) / RAND_MAX;
 		}
 	}
 	RETURN_STRINGL(iv, n, 0);