View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000083 | Main CAcert Website | certificate issuing | public | 2005-11-02 10:06 | 2013-01-13 15:34 |
| Reporter | Sourcerer | Assigned To | duane | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2006 | ||||
| Summary | 0000083: Random Number exhaustion | ||||
| Description | In www/account/4.php line 0000127, there is a random number exhaustion problem: `$rnd = fopen("/dev/urandom", "r"); $hash = md5(fgets($rnd, 64)); fclose($rnd);` The problem is that fgets() pre-buffers more bytes than actually necessary, which is exhausting the random number pool. Random numbers should be read from /dev/*random with dio_open (open/sysopen) and dio_read (read/sysread) instead. | ||||
| Tags | No tags attached. | ||||
| Attached Files | 17.php.patch (659 bytes)
--- 17.php.orig 2005-11-22 21:51:58.000000000 +0100
+++ 17.php 2005-11-22 21:52:10.000000000 +0100
@@ -124,9 +124,18 @@
<form method="post" action="account.php">
<input type="hidden" name="keytype" value="NS">
<?
- $rnd = fopen("/dev/urandom", "r");
- $hash = md5(fgets($rnd, 64));
- fclose($rnd);
+ if(function_exists("dio_open"))
+ {
+ $rnd = dio_open("/dev/urandom",O_RDONLY);
+ $hash = md5(dio_read($rnd,64));
+ dio_close($rnd);
+ }
+ else
+ {
+ $rnd = fopen("/dev/urandom", "r");
+ $hash = md5(fgets($rnd, 64));
+ fclose($rnd);
+ }
?>
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=$hash?>">
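Review bot: the else branch keeps the original fopen()/fgets() read unchanged, so on any host where dio_open is missing the buffered read this issue reports still happens; switching the fallback to an unbuffered fread() would cover those hosts too. fgets() also stops at the first newline byte, so the fallback can hash fewer than 63 bytes. In the new branch the return value of dio_open() is not checked before dio_read(), so a failed open would feed md5() a non-random value into the keygen challenge; check it and abort the request instead.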
| ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
`$rnd = dio_open("/dev/urandom",O_RDONLY); $hash = md5(dio_read($rnd,64)); dio_close($rnd);` dio does not seem to be supported by all PHP versions, be careful. |
|
|
The patch automatically uses dio_open if it is available. The same problem is in the following files: includes/account.php, www/disputes.php, www/index.php, www/account/4.php |
|
|
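```php
// Build the challenge hash from 64 bytes of /dev/urandom.
function make_hash()
{
	if(function_exists("dio_open"))
	{
		// Unbuffered read via the dio extension
		$rnd = dio_open("/dev/urandom",O_RDONLY);
		$hash = md5(dio_read($rnd,64));
		dio_close($rnd);
	}
	else
	{
		// Fallback when dio is not available
		$rnd = fopen("/dev/urandom", "r");
		$hash = md5(fgets($rnd, 64));
		fclose($rnd);
	}
	return $hash; // hand the hash back to the caller
}
```
|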
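The fallback read discussed in this issue, as an added example (not CAcert's code; `read_random_bytes` is a hypothetical name): it reads exactly the requested number of bytes without stream read-ahead, and uses a constructed in-memory sample to show that `fgets()` on binary data also stops at the first newline byte.

```php
<?php
// Added example, not part of the CAcert code base. Names are hypothetical.

// Return exactly $n bytes from the kernel CSPRNG, reading no more than $n.
function read_random_bytes($n, $path = "/dev/urandom")
{
    if (function_exists("random_bytes")) {
        return random_bytes($n);           // PHP 7+: no userland stream buffer
    }
    $fp = fopen($path, "rb");
    if ($fp === false) {
        throw new RuntimeException("cannot open $path");
    }
    if (function_exists("stream_set_read_buffer")) {
        stream_set_read_buffer($fp, 0);    // PHP 5.3.3+: disable read-ahead
    }
    $buf = "";
    while (strlen($buf) < $n) {            // fread() may return short reads
        $chunk = fread($fp, $n - strlen($buf));
        if ($chunk === false || $chunk === "") {
            fclose($fp);
            throw new RuntimeException("short read from $path");
        }
        $buf .= $chunk;
    }
    fclose($fp);
    return $buf;
}

// Constructed sample: 63 stand-in "random" bytes whose 4th byte is 0x0A.
$sample = "\x91\x07\xfe\x0a" . str_repeat("\xc3", 59);
$mem = fopen("php://memory", "w+b");
fwrite($mem, $sample);

rewind($mem);
$line = fgets($mem, 64);   // line-oriented: ends at the first newline byte
rewind($mem);
$raw = fread($mem, 63);    // binary-safe: returns the requested length
fclose($mem);

printf("fgets returned %d bytes, fread returned %d bytes\n",
       strlen($line), strlen($raw));
printf("challenge: %s\n", md5(read_random_bytes(64)));
```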
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2005-11-02 10:06 | Sourcerer | New Issue | |
| 2005-11-22 21:08 | Sourcerer | Note Added: 0000031 | |
| 2005-11-23 07:57 | Sourcerer | File Added: 17.php.patch | |
| 2005-11-23 07:58 | Sourcerer | Note Added: 0000037 | |
| 2005-11-28 10:39 | Sourcerer | Status | new => needs work |
| 2005-11-28 10:39 | Sourcerer | Assigned To | => duane |
| 2005-12-08 20:38 | evaldo | Relationship added | related to 0000090 |
| 2006-04-21 07:27 | duane | Status | needs work => closed |
| 2006-04-21 07:27 | duane | Note Added: 0000173 | |
| 2006-04-21 07:27 | duane | Resolution | open => fixed |
| 2006-04-21 07:27 | duane | Fixed in Version | => production |
| 2013-01-13 15:34 | Werner Dworak | Fixed in Version | => 2006 |