From 9a0cc69c53f58e904c65da32bf21ebb23a114e78 Mon Sep 17 00:00:00 2001 From: Tyson Andre Date: Sun, 13 Jun 2021 16:04:37 -0400 Subject: [PATCH] Use 16 instead of 15 bytes of random data in ReflectionReference->getId (#7148) ``` ZEND_BEGIN_MODULE_GLOBALS(reflection) bool key_initialized; unsigned char key[REFLECTION_KEY_LEN]; ZEND_END_MODULE_GLOBALS(reflection) ``` This was previously also overwriting key_initialized, which didn't matter at all because C struct layout is always in order of declaration and the value of key_initialized was subsequently set to 1. --- ext/reflection/php_reflection.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index 48b9a8815d2..91c21599e3d 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -6370,7 +6370,7 @@ ZEND_METHOD(ReflectionReference, getId) } if (!REFLECTION_G(key_initialized)) { - if (php_random_bytes_throw(&REFLECTION_G(key_initialized), 16) == FAILURE) { + if (php_random_bytes_throw(&REFLECTION_G(key), 16) == FAILURE) { RETURN_THROWS(); }