View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000083 | Main CAcert Website | certificate issuing | public | 2005-11-02 10:06 | 2013-01-13 15:34 |
Reporter | Sourcerer | Assigned To | duane | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2006 | ||||
Summary | 0000083: Random Number exhaustion | ||||
Description | In www/account/4.php line 0000127, there is a random number exhaustion problem: `$rnd = fopen("/dev/urandom", "r"); $hash = md5(fgets($rnd, 64)); fclose($rnd);` The problem is that fgets() pre-buffers more bytes than actually necessary, which is exhausting the random number pool. Random numbers should be read from /dev/*random with dio_open (open/sysopen) and dio_read (read/sysread) instead. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
|
`$rnd = dio_open("/dev/urandom",O_RDONLY); $hash = md5(dio_read($rnd,64)); dio_close($rnd);` dio does not seem to be supported by all PHP versions, be careful. |
2005-11-23 07:57
|
17.php.patch (659 bytes)
--- 17.php.orig 2005-11-22 21:51:58.000000000 +0100 +++ 17.php 2005-11-22 21:52:10.000000000 +0100 @@ -124,9 +124,18 @@ <form method="post" action="account.php"> <input type="hidden" name="keytype" value="NS"> <? - $rnd = fopen("/dev/urandom", "r"); - $hash = md5(fgets($rnd, 64)); - fclose($rnd); + if(function_exists("dio_open")) + { + $rnd = dio_open("/dev/urandom",O_RDONLY); + $hash = md5(dio_read($rnd,64)); + dio_close($rnd); + } + else + { + $rnd = fopen("/dev/urandom", "r"); + $hash = md5(fgets($rnd, 64)); + fclose($rnd); + } ?> <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=$hash?>"> |
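Review bot: the `else` branch still calls `fgets($rnd, 64)`, so on hosts without dio the buffered read this issue reports is unchanged, and because `fgets()` stops at the first newline byte the input to `md5()` can be much shorter than the 63 bytes requested. Use `fread($rnd, 64)` in the fallback so the full length is always hashed. Neither branch checks the return value of `dio_open()` or `fopen()`: if the open fails, `$hash` is the md5 of an empty read and the `<keygen>` challenge becomes a constant, so the page should fail the request instead of emitting it.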
|
The patch automatically uses dio_open if it is available. The same problem is in the following files: includes/account.php, www/disputes.php, www/index.php, www/account/4.php |
```php
function make_hash()
{
    if(function_exists("dio_open"))
    {
        // Unbuffered read: takes exactly 64 bytes from the device
        $rnd = dio_open("/dev/urandom",O_RDONLY);
        $hash = md5(dio_read($rnd,64));
        dio_close($rnd);
    }
    else
    {
        $rnd = fopen("/dev/urandom", "r");
        $hash = md5(fgets($rnd, 64));
        fclose($rnd);
    }
    // Hand the challenge back to the caller
    return $hash;
}
```
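An added example, not part of the original thread or of CAcert's code: a fallback for PHP builds without dio that reads exactly 64 bytes from the kernel with no read-ahead, followed by a constructed sample showing `fgets()` truncating at a newline byte. `read_urandom()` and `make_challenge()` are hypothetical names, and `random_bytes()` (PHP 7.0+) and `stream_set_read_buffer()` (PHP 5.3.3+) are newer than this issue.

```php
<?php
// Added example, not CAcert code; read_urandom() and make_challenge() are hypothetical names.

// Return exactly $len bytes from the kernel CSPRNG without read-ahead.
function read_urandom($len)
{
    // PHP 7.0+: random_bytes() requests exactly $len bytes from the OS.
    if (function_exists('random_bytes')) {
        return random_bytes($len);
    }
    $fh = fopen('/dev/urandom', 'rb');
    if ($fh === false) {
        throw new RuntimeException('cannot open /dev/urandom');
    }
    // PHP 5.3.3+: disable the stream read buffer so fread() does not
    // pull a whole buffer from the device to satisfy a 64-byte request.
    if (function_exists('stream_set_read_buffer')) {
        stream_set_read_buffer($fh, 0);
    }
    $buf = '';
    while (strlen($buf) < $len) {
        // fread() is binary safe; fgets() would stop at the first 0x0A byte.
        $chunk = fread($fh, $len - strlen($buf));
        if ($chunk === false || $chunk === '') {
            fclose($fh);
            throw new RuntimeException('short read from /dev/urandom');
        }
        $buf .= $chunk;
    }
    fclose($fh);
    return $buf;
}

// Same output shape as the thread's md5() challenge: 32 hex characters.
function make_challenge()
{
    return md5(read_urandom(64));
}

// Constructed sample: 64 bytes with a newline (0x0A) at offset 3.
$mem = fopen('php://memory', 'w+b');
fwrite($mem, "abc\n" . str_repeat('x', 60));
rewind($mem);
$line = fgets($mem, 64);   // stops after the newline
rewind($mem);
$raw = fread($mem, 64);    // returns the full sample
fclose($mem);
printf("fgets: %d bytes, fread: %d bytes\n", strlen($line), strlen($raw));
printf("challenge: %s\n", make_challenge());
```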
Date Modified | Username | Field | Change |
---|---|---|---|
2005-11-02 10:06 | Sourcerer | New Issue | |
2005-11-22 21:08 | Sourcerer | Note Added: 0000031 | |
2005-11-23 07:57 | Sourcerer | File Added: 17.php.patch | |
2005-11-23 07:58 | Sourcerer | Note Added: 0000037 | |
2005-11-28 10:39 | Sourcerer | Status | new => needs work |
2005-11-28 10:39 | Sourcerer | Assigned To | => duane |
2005-12-08 20:38 | evaldo | Relationship added | related to 0000090 |
2006-04-21 07:27 | duane | Status | needs work => closed |
2006-04-21 07:27 | duane | Note Added: 0000173 | |
2006-04-21 07:27 | duane | Resolution | open => fixed |
2006-04-21 07:27 | duane | Fixed in Version | => production |
2013-01-13 15:34 | Werner Dworak | Fixed in Version | => 2006 |