From 48f1a17886d874dc90867c669481804de90509e8 Mon Sep 17 00:00:00 2001
From: Yasuo Ohgaki
Date: Tue, 18 Oct 2016 09:04:57 +0900
Subject: [PATCH] Fix bug #47890 #73215 uniqid() should use better random source
---
 ext/standard/uniqid.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c
index f429e6d4a0..207cf01cb8 100644
--- a/ext/standard/uniqid.c
+++ b/ext/standard/uniqid.c
@@ -35,9 +35,11 @@
 #include
 #endif
 
-#include "php_lcg.h"
+#include "php_random.h"
 #include "uniqid.h"
 
+#define PHP_UNIQID_ENTROPY_LEN 10
+
 /* {{{ proto string uniqid([string prefix [, bool more_entropy]])
 Generates a unique ID */
 #ifdef HAVE_GETTIMEOFDAY
@@ -77,7 +79,22 @@ PHP_FUNCTION(uniqid)
 * digits for usecs.
 */
 if (more_entropy) {
- uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, php_combined_lcg() * 10);
+ int i;
+ unsigned char c, entropy[PHP_UNIQID_ENTROPY_LEN+1];
+
+ for(i = 0; i < PHP_UNIQID_ENTROPY_LEN;) {
+ php_random_bytes_throw(&c, sizeof(c));
+ /* Avoid modulo bias */
+ if (c > 249) {
+ continue;
+ }
+ entropy[i] = c % 10 + '0';
+ i++;
+ }
+ /* Set . for compatibility */
+ entropy[1] = '.';
+ entropy[PHP_UNIQID_ENTROPY_LEN] = '\0';
+ uniqid = strpprintf(0, "%s%08x%05x%s", prefix, sec, usec, entropy);
 } else {
 uniqid = strpprintf(0, "%s%08x%05x", prefix, sec, usec);
 }
--
2.40.0
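Review bot: The result of `php_random_bytes_throw(&c, sizeof(c))` inside the `for` loop in the second hunk is ignored, so if the random source fails, `c` (declared without an initializer) may be read while still indeterminate and the suffix is built from it even though the `_throw` variant has already raised an exception. Check the result and leave the function on failure, for example `if (php_random_bytes_throw(&c, sizeof(c)) == FAILURE) { return; }`. Requesting one byte per call also means a separate trip to the random source for every digit, plus one for each rejected value above 249; filling a small buffer once and rejecting from it would be cheaper. Because `entropy[1]` is overwritten with `.`, the suffix holds nine random decimal digits, roughly 30 bits, so the block deserves a comment such as `/* suffix reduces collisions; it does not make the id unguessable */`. The body of PHP_FUNCTION(uniqid) starts and ends outside the hunk.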