View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000132 | Main CAcert Website | website content | public | 2006-02-13 22:18 | 2013-01-13 16:47 |
Reporter | Sourcerer | Assigned To | Sourcerer | ||
Priority | normal | Severity | crash | Reproducibility | random |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2006 | ||||
Summary | 0000132: Collision in variable names | ||||
Description | cgi-bin/siteseal.cgi line 19: This script generates random function names: $var1 = "ca".md5(rand(0,9999999)); $var2 = "ca".md5(rand(0,9999999)); $var3 = "ca".md5(rand(0,9999999)); $var4 = "ca".md5(rand(0,9999999)); $var5 = "ca".md5(rand(0,9999999)); $var6 = "ca".md5(rand(0,9999999)); $var7 = "ca".md5(rand(0,9999999)); $var8 = "ca".md5(rand(0,9999999)); $var9 = "ca".md5(rand(0,9999999)); $var10 = "ca".md5(rand(0,9999999)); $var11 = "ca".md5(rand(0,9999999)); The problem is that there is no protection against a collision of the function names, and a collision is likely to lead to trouble. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
|
srand((double)microtime()*1000000); $var1 = "ca1-".md5(rand(0,9999999)); $var2 = "ca2-".md5(rand(0,9999999)); $var3 = "ca3-".md5(rand(0,9999999)); $var4 = "ca4-".md5(rand(0,9999999)); $var5 = "ca5-".md5(rand(0,9999999)); $var6 = "ca6-".md5(rand(0,9999999)); $var7 = "ca7-".md5(rand(0,9999999)); $var8 = "ca8-".md5(rand(0,9999999)); $var9 = "ca9-".md5(rand(0,9999999)); $var10 = "caa-".md5(rand(0,9999999)); $var11 = "cab-".md5(rand(0,9999999)); |
Date Modified | Username | Field | Change |
---|---|---|---|
2006-02-13 22:18 | Sourcerer | New Issue | |
2006-08-16 14:31 | duane | Status | new => needs work |
2006-08-16 14:31 | duane | Assigned To | => Sourcerer |
2006-08-16 14:32 | duane | Status | needs work => solved? |
2006-08-16 14:32 | duane | Fixed in Version | => production |
2006-08-16 14:32 | duane | Resolution | open => fixed |
2006-08-16 14:32 | duane | Note Added: 0000533 | |
2006-11-10 16:26 | wonderer | Status | solved? => closed |
2013-01-13 16:47 | Werner Dworak | Fixed in Version | => 2006 |
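
The collision reported above and the per-variable prefix fix, as an added example that is not part of the original report or of CAcert's code. The function names `collision_probability` and `unique_names` are hypothetical; the first quantifies how often 11 draws from `rand(0,9999999)` repeat a value, the second shows why an index in the prefix keeps the names distinct even when the random parts are equal.

```php
<?php
// Added example; function names are hypothetical, not from siteseal.cgi.

// Probability that $k independent draws from $n equally likely values
// contain at least one duplicate (exact product form of the birthday bound).
function collision_probability(int $k, int $n): float
{
    $allDistinct = 1.0;
    for ($i = 1; $i < $k; $i++) {
        $allDistinct *= 1.0 - $i / $n;
    }
    return 1.0 - $allDistinct;
}

// Build $count names that are distinct by construction: the hex index in
// the prefix (ca1- ... ca9-, caa-, cab-) separates them even if two random
// parts happen to be identical.
function unique_names(int $count, callable $randomPart): array
{
    $names = [];
    for ($i = 1; $i <= $count; $i++) {
        $names[] = sprintf('ca%x-%s', $i, $randomPart());
    }
    return $names;
}

// Original scheme: 11 draws from rand(0, 9999999), i.e. 10,000,000 values.
printf("P(collision) per generated page: %.3e\n",
    collision_probability(11, 10000000));

// Worst case (constructed): a generator stuck on one value.
$stuck = function (): string {
    return md5('0');
};
$names = unique_names(11, $stuck);
printf("distinct names with identical random parts: %d of %d\n",
    count(array_unique($names)), count($names));

// Normal case, random part produced the same way as on the page.
$random = function (): string {
    return md5((string) rand(0, 9999999));
};
print_r(unique_names(11, $random));
```

With 11 names there are 55 pairs, so the unprefixed scheme collides on roughly 55 in 10,000,000 page loads, which matches the "random" reproducibility recorded on the issue.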