Commit f6d2e33c authored by Oliver Hader's avatar Oliver Hader

Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8371 709f56b5-9817-0410-a4d7-c38de5d9e867
parent b5c8e1e0
......@@ -10,6 +10,7 @@
* Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
* Fixed bug #12458: Session fixation possibility in new sesion machanism of the install tool (thanks to Benjamin Mack, Helmut Hummel and Ernesto Baschny)
* Fixed bug #12736: XSS in setup module (thanks to Georg Ringer)
* Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)
2010-05-17 Oliver Hader <oliver@typo3.org>
......
......@@ -1383,24 +1383,49 @@ class t3lib_div {
if (TYPO3_OS != 'WIN' && ($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
} elseif (TYPO3_OS == 'WIN') {
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
if (function_exists('mcrypt_create_iv')) {
$output = mcrypt_create_iv($count, MCRYPT_DEV_URANDOM);
} elseif (function_exists('openssl_random_pseudo_bytes')) {
$isStrong = null;
$output = openssl_random_pseudo_bytes($count, $isStrong);
// skip ssl since it wasn't using the strong algo
if ($isStrong !== TRUE) {
$output = '';
}
}
}
}
// fallback if /dev/urandom is not available
// fallback if other random byte generation failed until now
if (!isset($output{$count - 1})) {
// We initialize with the somewhat random.
$randomState = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']
. microtime() . getmypid();
$randomState = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];
if (version_compare(PHP_VERSION, '4.3.2', '>=') && function_exists('memory_get_usage')) {
$randomState .= base_convert(memory_get_usage() % pow(10, 6), 10, 2);
}
$randomState .= microtime() . getmypid();
while (!isset($output{$count - 1})) {
$randomState = md5(microtime() . mt_rand() . $randomState);
// Fix: Work around PHP4 allowing only one parameter to md5()
// $output .= md5(mt_rand() . $randomState, true);
$output .= pack('H*', md5(mt_rand() . $randomState));
$randomState = sha1(microtime() . mt_rand() . $randomState);
// Fix: Work around PHP4 allowing only one parameter to sha1()
// $output .= sha1(mt_rand() . $randomState, true);
$output .= pack('H*', sha1(mt_rand() . $randomState));
}
$output = substr($output, strlen($output) - $count, $count);
}
return $output;
}
/**
* Returns a hex representation of a random byte string.
*
* @param integer Number of hex characters to return
* @return string Random Bytes
*/
function getRandomHexString($count) {
return substr(bin2hex(t3lib_div::generateRandomBytes(intval(($count + 1) / 2))), 0, $count);
}
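Review bot: The mcrypt/openssl branch is only reached when `TYPO3_OS == 'WIN'`, so a non-Windows host where `/dev/urandom` cannot be opened (for instance under an `open_basedir` restriction) drops straight to the `mt_rand()`/`microtime()`/`getmypid()` fallback even if one of those extensions is loaded. That fallback is not a cryptographically strong generator; its unpredictability rests mainly on `encryptionKey` staying secret, and this commit feeds its output into session ids (t3lib_userAuth) and the install tool key (tx_install_eid). Unless the OS restriction is deliberate, I would try the extensions whenever the read yields too few bytes, e.g. `} elseif (version_compare(PHP_VERSION, '5.3.0', '>=')) {` in place of the OS test and the nested version check, and mark the fallback with `// Not cryptographically strong: last resort, relies on a secret encryptionKey`. The docblock of getRandomHexString should read `@return string Random hex characters` rather than "Random Bytes", since the value is hex text of length `$count`. generateRandomBytes begins above this hunk, so its handling of `$count` before the first line shown is not visible here.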
......
......@@ -228,7 +228,7 @@ class t3lib_userAuth {
// If new session or client tries to fix session...
if (!$id || !$this->isExistingSessionRecord($id)) {
// New random session-$id is made
$id = substr(md5(uniqid('').getmypid()),0,$this->hash_length);
$id = t3lib_div::getRandomHexString($this->hash_length);
// New session
$this->newSessionID = TRUE;
}
......
......@@ -71,7 +71,7 @@ class tx_install_eid {
/**
* Main function which creates the ecryption key for the install tools AJAX call
* Main function which creates the ecryption key for the install tools AJAX call
* It stores the key in $this->content
*
* @return void
......@@ -104,9 +104,8 @@ class tx_install_eid {
if (!headers_sent()) {
header("Content-type: text/plain");
}
$bytes = t3lib_div::generateRandomBytes($keyLength);
return substr(bin2hex($bytes), -96);
return t3lib_div::getRandomHexString($keyLength);
}
/**
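Review bot: The length of the returned key changes here from at most 96 hex characters (`substr(bin2hex($bytes), -96)`) to exactly `$keyLength` hex characters, so anything that stores or compares this key behaves as before only if `$keyLength` is 96; that value is set outside this hunk and should be confirmed. The key is also now built from about `$keyLength / 2` random bytes instead of `$keyLength`, which is sufficient for a hex string of that length but worth stating in the method's docblock, e.g. `@return string $keyLength random hex characters`. The enclosing method starts above the hunk.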
......