archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

random: Do not hardcode the target type when invoking the CSPRNG (#13308)

Browse source 
Instead derive the number of bytes to retrieve from the variable that is being
filled.
This commit is contained in:
Tim Düsterhus 2024-02-02 20:10:19 +01:00 committed by GitHub
parent eb238577f1
commit 7ed21e66fa
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ext/random/engine_mt19937.c
View file

@ -240,7 +240,7 @@ PHPAPI void php_random_mt19937_seed_default(php_random_status_state_mt19937 *sta
{
zend_long seed = 0;
if (php_random_bytes_silent(&seed, sizeof(zend_long)) == FAILURE) {
if (php_random_bytes_silent(&seed, sizeof(seed)) == FAILURE) {
seed = GENERATE_SEED();
}
@ -277,7 +277,7 @@ PHP_METHOD(Random_Engine_Mt19937, __construct)
if (seed_is_null) {
/* MT19937 has a very large state, uses CSPRNG for seeding only */
if (php_random_bytes_throw(&seed, sizeof(zend_long)) == FAILURE) {
if (php_random_bytes_throw(&seed, sizeof(seed)) == FAILURE) {
zend_throw_exception(random_ce_Random_RandomException, "Failed to generate a random seed", 0);
RETURN_THROWS();
}

2
ext/random/engine_secure.c
View file

@ -29,7 +29,7 @@ static php_random_result generate(php_random_status *status)
{
zend_ulong r = 0;
php_random_bytes_throw(&r, sizeof(zend_ulong));
php_random_bytes_throw(&r, sizeof(r));
return (php_random_result){
.size = sizeof(zend_ulong),