Merge branch 'security/zf2016-01'

Patch for ZF2016-01
adamvarga · Apr 13, 2016 · 94c13a2 · 94c13a2
2 parents 3b045d0 + dbb9c8e
commit 94c13a2
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 19 deletions.
diff --git a/library/Zend/Crypt/Math.php b/library/Zend/Crypt/Math.php
@@ -77,11 +77,8 @@ public static function randBytes($length, $strong = false)
         if ($length <= 0) {
             return false;
         }
-        if (function_exists('openssl_random_pseudo_bytes')) {
-            $bytes = openssl_random_pseudo_bytes($length, $usable);
-            if ($strong === $usable) {
-                return $bytes;
-            }
+        if (function_exists('random_bytes')) { // available in PHP 7
+            return random_bytes($length);
         }
         if (function_exists('mcrypt_create_iv')) {
             $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
@@ -134,6 +131,9 @@ public static function randInteger($min, $max, $strong = false)
                 'The supplied range is too great to generate'
             );
         }
+        if (function_exists('random_int')) { // available in PHP 7
+            return random_int($min, $max);
+        }
         // calculate number of bits required to store range on this machine
         $r = $range;
         $bits = 0;

diff --git a/library/Zend/Filter/Encrypt/Mcrypt.php b/library/Zend/Filter/Encrypt/Mcrypt.php
@@ -24,6 +24,9 @@
  */
 require_once 'Zend/Filter/Encrypt/Interface.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Encryption adapter for mcrypt
  *
@@ -355,9 +358,8 @@ protected function _srand()
         if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
             return;
         }
-
         if (!self::$_srandCalled) {
-            srand((double) microtime() * 1000000);
+            srand(Zend_Crypt_Math::randInteger(0, PHP_INT_MAX));
             self::$_srandCalled = true;
         }
     }

diff --git a/library/Zend/Form/Element/Hash.php b/library/Zend/Form/Element/Hash.php
@@ -22,6 +22,9 @@
 /** Zend_Form_Element_Xhtml */
 require_once 'Zend/Form/Element/Xhtml.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * CSRF form protection
  *
@@ -249,10 +252,7 @@ public function render(Zend_View_Interface $view = null)
     protected function _generateHash()
     {
         $this->_hash = md5(
-            mt_rand(1,1000000)
-            .  $this->getSalt()
-            .  $this->getName()
-            .  mt_rand(1,1000000)
+            Zend_Crypt_Math::randBytes(32)
         );
         $this->setValue($this->_hash);
     }

diff --git a/library/Zend/Gdata/HttpClient.php b/library/Zend/Gdata/HttpClient.php
@@ -25,6 +25,9 @@
  */
 require_once 'Zend/Http/Client.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Gdata Http Client object.
  *
@@ -210,7 +213,7 @@ public function filterHttpRequest($method, $url, $headers = array(), $body = nul
             if ($this->getAuthSubPrivateKeyId() != null) {
                 // secure AuthSub
                 $time = time();
-                $nonce = mt_rand(0, 999999999);
+                $nonce = Zend_Crypt_Math::randInteger(0, 999999999);
                 $dataToSign = $method . ' ' . $url . ' ' . $time . ' ' . $nonce;
 
                 // compute signature

diff --git a/library/Zend/Ldap/Attribute.php b/library/Zend/Ldap/Attribute.php
@@ -24,6 +24,9 @@
  */
 require_once 'Zend/Ldap/Converter.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Zend_Ldap_Attribute is a collection of LDAP attribute related functions.
  *
@@ -311,7 +314,7 @@ public static function createPassword($password, $hashType = self::PASSWORD_HASH
                 }
                 return $password;
             case self::PASSWORD_HASH_SSHA:
-                $salt    = substr(sha1(uniqid(mt_rand(), true), true), 0, 4);
+                $salt    = Zend_Crypt_Math::randBytes(4);
                 $rawHash = sha1($password . $salt, true) . $salt;
                 $method  = '{SSHA}';
                 break;
@@ -320,7 +323,7 @@ public static function createPassword($password, $hashType = self::PASSWORD_HASH
                 $method  = '{SHA}';
                 break;
             case self::PASSWORD_HASH_SMD5:
-                $salt    = substr(sha1(uniqid(mt_rand(), true), true), 0, 4);
+                $salt    = Zend_Crypt_Math::randBytes(4);
                 $rawHash = md5($password . $salt, true) . $salt;
                 $method  = '{SMD5}';
                 break;

diff --git a/library/Zend/OpenId.php b/library/Zend/OpenId.php
@@ -25,6 +25,9 @@
  */
 require_once "Zend/Controller/Response/Abstract.php";
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Static class that contains common utility functions for
  * {@link Zend_OpenId_Consumer} and {@link Zend_OpenId_Provider}.
@@ -474,11 +477,7 @@ static public function redirect($url, $params = null,
      */
     static public function randomBytes($len)
     {
-        $key = '';
-        for($i=0; $i < $len; $i++) {
-            $key .= chr(mt_rand(0, 255));
-        }
-        return $key;
+        return (string) Zend_Crypt_Math::randBytes($len);
     }
 
     /**