From 1763dc162d93999d2c3e108a21f0596ed61b89ab Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Mon, 18 Dec 2006 11:39:19 +0000 Subject: [PATCH] Fixed random generation of cookies and canaries --- NEWS | 5 ++- Zend/Zend.m4 | 7 ++++ Zend/zend_alloc.c | 81 +++++++++++++++++++++++++++++++++-------------- 3 files changed, 68 insertions(+), 25 deletions(-) diff --git a/NEWS b/NEWS index c99d88de08..c55fb9c1fc 100644 --- a/NEWS +++ b/NEWS @@ -1,10 +1,13 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -14 Dec 2006, PHP 5.2.1RC1 +?? Dec 2006, PHP 5.2.1RC2 - Added internal heap protection (Dmitry) . safe unlinking . cookies . canary protection (debug build only) + . random generation of cookies and canaries + +14 Dec 2006, PHP 5.2.1RC1 - Added a meta tag to phpinfo() output to prevent search engines from indexing the page. (Ilia) - Added new function, sys_get_temp_dir(). (Hartmut) diff --git a/Zend/Zend.m4 b/Zend/Zend.m4 index fb7b2e06b6..3ef1bc2727 100644 --- a/Zend/Zend.m4 +++ b/Zend/Zend.m4 @@ -404,3 +404,10 @@ AC_DEFUN([LIBZEND_CPLUSPLUS_CHECKS],[ ]) +AC_MSG_CHECKING(whether /dev/urandom exists) +if test -r "/dev/urandom" && test -c "/dev/urandom"; then + AC_DEFINE([HAVE_DEV_URANDOM], 1, [Define if the target system has /dev/urandom device]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index 23d57f4ee6..d21e2cba2f 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -32,6 +32,13 @@ # include #endif +#ifdef ZEND_WIN32 +# define _WIN32_WINNT 0x0400 +# include +# include +#endif + + #ifndef ZEND_USE_MALLOC_MM # define ZEND_USE_MALLOC_MM ZEND_DEBUG #endif 
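Review bot: The `test -r "/dev/urandom" && test -c "/dev/urandom"` probe in Zend/Zend.m4 inspects the machine that runs configure, although the AC_DEFINE description speaks of the target system. In a cross-compile, or in a chroot or container build without the device node, HAVE_DEV_URANDOM stays undefined and non-Windows builds compile zend_mm_random() with only its rand()/getpid() path, while configure prints nothing more than a plain "no". Since zend_mm_random() already copes with open() failing at run time, I would at least make the negative result visible, e.g. `AC_MSG_WARN([/dev/urandom not found at build time; heap cookies will be derived from rand()])` after `AC_MSG_RESULT(no)`.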
@@ -712,6 +719,53 @@ static void zend_mm_free_cache(zend_mm_heap *heap)
 }
 #endif
+static void zend_mm_random(unsigned char *buf, size_t size)
+{
+ size_t i = 0;
+ unsigned char t;
+
+#ifdef ZEND_WIN32
+ HCRYPTPROV hCryptProv;
+
+ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+ do {
+ BOOL ret = CryptGenRandom(hCryptProv, size, buf);
+ CryptReleaseContext(hCryptProv, 0);
+ if (ret) {
+ while (i < size && buf[i] != 0) {
+ i++;
+ }
+ if (i == size) {
+ return;
+ }
+ }
+ } while (0);
+ }
+#elif defined(HAVE_DEV_URANDOM)
+ int fd = open("/dev/urandom", 0);
+
+ if (fd >= 0) {
+ if (read(fd, buf, size) == size) {
+ while (i < size && buf[i] != 0) {
+ i++;
+ }
+ if (i == size) {
+ close(fd);
+ return;
+ }
+ }
+ close(fd);
+ }
+#endif
+ t = (unsigned char)getpid();
+ while (i < size) {
+ do {
+ buf[i] = ((unsigned char)rand()) ^ t;
+ } while (buf[i] == 0);
+ t = buf[i++] << 1;
+ }
+}
+
 /* Notes:
 * - This function may alter the block_sizes values to match platform alignment
 * - This function does *not* perform sanity checks on the arguments
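Review bot: In zend_mm_random() a single zero byte from the OS generator throws away the rest of the good output: both the CryptGenRandom and the /dev/urandom branches stop scanning at the first zero byte and fall through to the tail loop, which refills every byte from index i onward with `rand() ^ t`, and no srand() call is visible in this hunk. If the values are 4 bytes wide, as the removed 32-bit masks in the next hunk suggest, that is roughly a 1.5% chance per start of a cookie partly derived from rand() and the low byte of the pid. Re-drawing only the offending byte from the same source keeps the non-zero property without weakening the value; the fence shows this for the /dev/urandom branch and the Windows branch can take the same shape. Separately, `open("/dev/urandom", 0)` would read better with `O_RDONLY`, and `CryptAcquireContext(..., PROV_RSA_FULL, 0)` can fail when no default key container exists, so `CRYPT_VERIFYCONTEXT` is the usual flag for RNG-only use.

```c
#elif defined(HAVE_DEV_URANDOM)
	int fd = open("/dev/urandom", O_RDONLY);

	if (fd >= 0) {
		while (i < size) {
			/* draw one byte at a time so a zero byte is simply re-drawn */
			if (read(fd, &buf[i], 1) != 1) {
				break;
			}
			if (buf[i] != 0) {
				i++;
			}
		}
		close(fd);
		if (i == size) {
			return;
		}
	}
#endif
	/* … unchanged: rand()/getpid() fallback for bytes i..size-1 … */
```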
@@ -741,36 +795,15 @@ ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers,
 #if ZEND_MM_HEAP_PROTECTION
 if (_mem_block_start_magic == 0) {
- int r;
- do {
- r = rand();
- } while (!(r&0xff000000) ||
- !(r&0x00ff0000) ||
- !(r&0x0000ff00) ||
- !(r&0x000000ff));
- _mem_block_start_magic = r;
+ zend_mm_random((unsigned char*)&_mem_block_start_magic, sizeof(_mem_block_start_magic));
 }
 if (_mem_block_end_magic == 0) {
- int r;
- do {
- r = rand();
- } while (!(r&0xff000000) ||
- !(r&0x00ff0000) ||
- !(r&0x0000ff00) ||
- !(r&0x000000ff));
- _mem_block_end_magic = r;
+ zend_mm_random((unsigned char*)&_mem_block_end_magic, sizeof(_mem_block_end_magic));
 }
 #endif
 #if ZEND_MM_COOKIES
 if (_zend_mm_cookie == 0) {
- int r;
- do {
- r = rand();
- } while (!(r&0xff000000) ||
- !(r&0x00ff0000) ||
- !(r&0x0000ff00) ||
- !(r&0x000000ff));
- _zend_mm_cookie = r;
+ zend_mm_random((unsigned char*)&_zend_mm_cookie, sizeof(_zend_mm_cookie));
 }
 #endif
-- 
2.50.1
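Review bot: The three `== 0` guards now depend on a property that lives in another function and is not written down here: zero doubles as the "not generated yet" marker, and that only works because zend_mm_random() never leaves a zero byte in the buffer. A one-line comment above the first guard would make the contract visible, e.g. `/* 0 = not yet generated; zend_mm_random() returns no zero bytes, so each value is set once */`. The check-then-assign is also unsynchronised, which is presumably fine if zend_mm_startup_ex() runs before any threads exist, but that cannot be confirmed from this hunk, whose enclosing function starts and ends outside it.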