iliaa Tue Nov 28 00:24:16 2006 UTC Modified files: /php-src/ext/mcrypt mcrypt.c /php-src/ext/soap php_http.c Log: MFB: Replace non-threadsafe rand() with php_rand_r() http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.101&r2=1.102&diff_format=u Index: php-src/ext/mcrypt/mcrypt.c diff -u php-src/ext/mcrypt/mcrypt.c:1.101 php-src/ext/mcrypt/mcrypt.c:1.102 --- php-src/ext/mcrypt/mcrypt.c:1.101 Wed Nov 15 22:51:45 2006 +++ php-src/ext/mcrypt/mcrypt.c Tue Nov 28 00:24:16 2006 @@ -16,7 +16,7 @@ | Derick Rethans <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: mcrypt.c,v 1.101 2006/11/15 22:51:45 mike Exp $ */ +/* $Id: mcrypt.c,v 1.102 2006/11/28 00:24:16 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -1039,7 +1039,8 @@ case PHP_MCRYPT_IV_SOURCE_RAND: *iv_len = size; while (size) { - (*iv_str)[--size] = 255.0 * rand() / RAND_MAX; + unsigned int ctx; + (*iv_str)[--size] = 255.0 * php_rand_r(&ctx) / RAND_MAX; } break; } http://cvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.97&r2=1.98&diff_format=u Index: php-src/ext/soap/php_http.c diff -u php-src/ext/soap/php_http.c:1.97 php-src/ext/soap/php_http.c:1.98 --- php-src/ext/soap/php_http.c:1.97 Wed Sep 6 11:03:59 2006 +++ php-src/ext/soap/php_http.c Tue Nov 28 00:24:16 2006 @@ -17,7 +17,7 @@ | Dmitry Stogov <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: php_http.c,v 1.97 2006/09/06 11:03:59 dmitry Exp $ */ +/* $Id: php_http.c,v 1.98 2006/11/28 00:24:16 iliaa Exp $ */ #include "php_soap.h" #include "ext/standard/base64.h" @@ -462,9 +462,10 @@ char HA1[33], HA2[33], response[33], cnonce[33], nc[9]; PHP_MD5_CTX md5ctx; unsigned char hash[16]; + unsigned int ctx; PHP_MD5Init(&md5ctx); - sprintf(cnonce, "%d", rand()); + sprintf(cnonce, "%d", php_rand_r(&ctx)); PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce)); PHP_MD5Final(hash, &md5ctx); make_digest(cnonce, hash);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php