Fix bug #47890 #73215 uniqid() should use better random source

Yasuo Ohgaki 2016-10-18 09:04:57 +09:00
parent 0b596f81b8
commit 48f1a17886


@ -35,9 +35,11 @@
#include <sys/time.h>
#endif
#include "php_lcg.h"
#include "php_random.h"
#include "uniqid.h"
#define PHP_UNIQID_ENTROPY_LEN 10
/* {{{ proto string uniqid([string prefix [, bool more_entropy]])
Generates a unique ID */
#ifdef HAVE_GETTIMEOFDAY
@ -77,7 +79,22 @@ PHP_FUNCTION(uniqid)
* digits for usecs.
*/
if (more_entropy) {
uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, php_combined_lcg() * 10);
int i;
unsigned char c, entropy[PHP_UNIQID_ENTROPY_LEN+1];
for(i = 0; i < PHP_UNIQID_ENTROPY_LEN;) {
php_random_bytes_throw(&c, sizeof(c));
/* Avoid modulo bias */
if (c > 249) {
continue;
}
entropy[i] = c % 10 + '0';
i++;
}
/* Set . for compatibility */
entropy[1] = '.';
entropy[PHP_UNIQID_ENTROPY_LEN] = '\0';
uniqid = strpprintf(0, "%s%08x%05x%s", prefix, sec, usec, entropy);
} else {
uniqid = strpprintf(0, "%s%08x%05x", prefix, sec, usec);
}
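Review bot: The return value of `php_random_bytes_throw(&c, sizeof(c))` inside the new loop is ignored, so if the random source fails, `c` is read uninitialised and the loop keeps running with an exception already pending. Check it and bail out, e.g. `if (php_random_bytes_throw(&c, sizeof(c)) == FAILURE) { return; }`; the exact exit path depends on the rest of PHP_FUNCTION(uniqid), which starts and ends outside this hunk. Drawing one byte per call also means at least ten separate requests to the random source per ID, so reading a small buffer once and rejection-sampling from it would be cheaper. Finally, `entropy[1] = '.'` overwrites one sampled digit, leaving nine random digits after a timestamp-derived prefix; a comment saying so would keep callers from treating the result as an unguessable token.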