Fix logic error reading random bytes from /dev/urandom #1466

Closed
@TysonAndre TysonAndre commented Apr 2, 2020

Fixes a bug introduced in c2be7e6

Previously, this would return those bytes if the number of bytes read
was less than the number of bytes this was trying to read.

In practice, I believe this would mean bytes from /dev/urandom would never
get used. (Noticed when upgrading phpseclib)

Also, I think that `if (!\is_bool($fp))` might be even faster than `if ($fp !== true && $fp !== false) {` or `if (!is_bool($fp))` - PHP Opcache can convert the `is_bool` call to an efficient `ZEND_TYPE_CHECK` opcode instead of a function call, but only if opcache is enabled and the call is fully qualified (e.g. with `\`).

This looks like it only impacts PHP 5 applications without OpenSSL support.

terrafrost referenced this pull request Apr 3, 2020
@terrafrost

I cherry picked this to the 1.0 branch and then merged that to 2.0 / 3.0 / master (well, 3.0 / master didn't really see any changes but merging into 3.0 / master would have resulted in a merge conflict so I did the merge and resolved the conflict by telling it to use the 3.0 file, unmodified).

Thanks!

@terrafrost terrafrost closed this Apr 3, 2020
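
The length check described in the pull request, as an added example that is not part of the thread and not phpseclib's code: the inverted comparison beside a fail-closed read loop. The function names and the `php://memory` stand-in for `/dev/urandom` are assumptions made so the sketch runs offline.

```php
<?php
// Added illustration with hypothetical helper names; the shape of the buggy
// check is reconstructed from the PR description, not copied from the project.

// Inverted check: bytes are accepted only when the read came up SHORT, so a
// complete read is discarded and a truncated one is handed to the caller.
function take_bytes_inverted($fp, $length)
{
    $bytes = fread($fp, $length);
    if ($bytes !== false && strlen($bytes) < $length) {
        return $bytes;
    }
    return false; // caller falls through to its next entropy source
}

// Corrected check: keep reading until exactly $length bytes have arrived,
// and fail closed on EOF or error instead of returning a partial buffer.
function take_bytes_exact($fp, $length)
{
    $bytes = '';
    while (strlen($bytes) < $length) {
        $chunk = fread($fp, $length - strlen($bytes));
        if ($chunk === false || $chunk === '') {
            return false;
        }
        $bytes .= $chunk;
    }
    return $bytes;
}

// Constructed stand-in for the device: a memory stream holding $n bytes.
function fake_source($n)
{
    $fp = fopen('php://memory', 'w+b');
    fwrite($fp, str_repeat("\xAA", $n));
    rewind($fp);
    return $fp;
}

// Full read (32 of 32 available) and short read (5 of 32), through both checks.
var_dump(take_bytes_inverted(fake_source(32), 32));
var_dump(take_bytes_inverted(fake_source(5), 32));
var_dump(take_bytes_exact(fake_source(32), 32));
var_dump(take_bytes_exact(fake_source(5), 32));
```

With the inverted check the full read yields `false` and the 5-byte read is returned as if it were 32 bytes of key material; the corrected loop returns the 32 bytes and rejects the short source.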