View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000132Main CAcert Websitewebsite contentpublic2006-02-13 22:182013-01-13 16:47
ReporterSourcerer Assigned ToSourcerer  
PrioritynormalSeveritycrashReproducibilityrandom
Status closedResolutionfixed 
Fixed in Version2006 
Summary0000132: Collision in variable names
Descriptioncgi-bin/siteseal.cgi line 19:

This script generates random function names:

$var1 = "ca".md5(rand(0,9999999));
$var2 = "ca".md5(rand(0,9999999));
$var3 = "ca".md5(rand(0,9999999));
$var4 = "ca".md5(rand(0,9999999));
$var5 = "ca".md5(rand(0,9999999));
$var6 = "ca".md5(rand(0,9999999));
$var7 = "ca".md5(rand(0,9999999));
$var8 = "ca".md5(rand(0,9999999));
$var9 = "ca".md5(rand(0,9999999));
$var10 = "ca".md5(rand(0,9999999));
$var11 = "ca".md5(rand(0,9999999));

The problem is that there is no protection against a collision of the function names, and a collision likely leads to troubles.
TagsNo tags attached.
Reviewed by
Test Instructions

Activities

duane

2006-08-16 14:32

developer   ~0000533

srand((double)microtime()*1000000);
$var1 = "ca1-".md5(rand(0,9999999));
$var2 = "ca2-".md5(rand(0,9999999));
$var3 = "ca3-".md5(rand(0,9999999));
$var4 = "ca4-".md5(rand(0,9999999));
$var5 = "ca5-".md5(rand(0,9999999));
$var6 = "ca6-".md5(rand(0,9999999));
$var7 = "ca7-".md5(rand(0,9999999));
$var8 = "ca8-".md5(rand(0,9999999));
$var9 = "ca9-".md5(rand(0,9999999));
$var10 = "caa-".md5(rand(0,9999999));
$var11 = "cab-".md5(rand(0,9999999));

Issue History

Date Modified Username Field Change
2006-02-13 22:18 Sourcerer New Issue
2006-08-16 14:31 duane Status new => needs work
2006-08-16 14:31 duane Assigned To => Sourcerer
2006-08-16 14:32 duane Status needs work => solved?
2006-08-16 14:32 duane Fixed in Version => production
2006-08-16 14:32 duane Resolution open => fixed
2006-08-16 14:32 duane Note Added: 0000533
2006-11-10 16:26 wonderer Status solved? => closed
2013-01-13 16:47 Werner Dworak Fixed in Version => 2006