authorYasuo Ohgaki <yohgaki@php.net>2016-10-18 09:04:57 +0900
committerYasuo Ohgaki <yohgaki@php.net>2016-10-18 09:13:42 +0900
commit48f1a17886d874dc90867c669481804de90509e8 (patch)
treeaeaba1c4a97f7b78c7f36d0d2aff1c84f409d216
parent0b596f81b8f151969898c040db41bbb7c64c275a (diff)
downloadphp-git-48f1a17886d874dc90867c669481804de90509e8.tar.gz
Fix bug #47890 #73215 uniqid() should use better random source
-rw-r--r--ext/standard/uniqid.c21
1 files changed, 19 insertions, 2 deletions
diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c
index f429e6d4a0..207cf01cb8 100644
--- a/ext/standard/uniqid.c
+++ b/ext/standard/uniqid.c
@@ -35,9 +35,11 @@
#include <sys/time.h>
#endif
-#include "php_lcg.h"
+#include "php_random.h"
#include "uniqid.h"
+#define PHP_UNIQID_ENTROPY_LEN 10
+
/* {{{ proto string uniqid([string prefix [, bool more_entropy]])
Generates a unique ID */
#ifdef HAVE_GETTIMEOFDAY
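Review bot: `PHP_UNIQID_ENTROPY_LEN` is defined without a comment, and nothing says why it is 10. From the second hunk, the value appears to reproduce the width of the old `"%.8F"` suffix: one digit, a `.`, and eight digits. A comment on the define would stop someone changing it without noticing the fixed `entropy[1] = '.'` position, for example `/* more_entropy suffix length: 1 digit + '.' + 8 digits, same width as the former "%.8F" output */`.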
@@ -77,7 +79,22 @@ PHP_FUNCTION(uniqid)
* digits for usecs.
*/
if (more_entropy) {
- uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, php_combined_lcg() * 10);
+ int i;
+ unsigned char c, entropy[PHP_UNIQID_ENTROPY_LEN+1];
+
+ for(i = 0; i < PHP_UNIQID_ENTROPY_LEN;) {
+ php_random_bytes_throw(&c, sizeof(c));
+ /* Avoid modulo bias */
+ if (c > 249) {
+ continue;
+ }
+ entropy[i] = c % 10 + '0';
+ i++;
+ }
+ /* Set . for compatibility */
+ entropy[1] = '.';
+ entropy[PHP_UNIQID_ENTROPY_LEN] = '\0';
+ uniqid = strpprintf(0, "%s%08x%05x%s", prefix, sec, usec, entropy);
} else {
uniqid = strpprintf(0, "%s%08x%05x", prefix, sec, usec);
}
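Review bot: The result of `php_random_bytes_throw(&c, sizeof(c))` in the digit loop is ignored, so if the random source fails the loop reads `c` uninitialised. It can then build the ID from indeterminate bytes, or keep looping while every call fails, with an exception already pending. Check the result and leave the function on failure, e.g. `if (php_random_bytes_throw(&c, sizeof(c)) == FAILURE) { return; }`, assuming it reports errors with the usual SUCCESS/FAILURE result. Separately, `entropy[1] = '.'` overwrites one generated digit, so the suffix carries nine random decimal digits after a predictable timestamp; a comment should say the value is still not suitable as a secret token. PHP_FUNCTION(uniqid) starts and ends outside this hunk, so confirm nothing needs releasing before the early return.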