﻿id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
19571,wp_rand() can return a value outside the requested range,mdawaffe,westi,"On some 32bit hosts, the Entropy builds of PHP truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them as floats.

{{{
var_dump( 3000000000 === 2147483647 ); // true
}}}

This can cause {{{wp_rand()}}} to return a value outside the requested range.  That unexpected value in turn breaks {{{wp_generate_password()}}}, which can have security ramifications.

The entropy builds of PHP can be downloaded from:
* http://taracque.hu/php5/
* http://www.entropy.ch/software/macosx/php/
* http://blog.liip.ch/archive/2011/04/13/php-5-3-for-os-x-10-6-one-line-installer.html
* http://php-osx.liip.ch/
* and probably others.  Entropy is somewhat popular in the OS X community.

Steps to reproduce:
1. Find an old 32bit Mac.
2. curl -O '!http://taracque.hu/downloads/Entropy_PHP_5-3-8-0.zip'
3. unzip Entropy_PHP_5-3-8-0.zip
4. sudo installer -pkg Entropy_PHP_5-3-8-0.pkg -target ""/""
5. /usr/local/php5/bin/php -r 'var_dump( 3000000000 === 2147483647 );'

The attached patch to `wp_rand()` checks for the problem and creates the problematic large integer as a string cast to a float rather than as an int (which, on working PHP builds, would be implicitly cast to a float).
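As an added illustration (not the attached patch and not WordPress core code), the script below shows the two ingredients the ticket describes: a check for the truncating build, done exactly as the ticket does it by comparing a large literal against PHP_INT_MAX, and building the 0xffffffff ceiling from a string cast to a float instead of an integer literal. The function names entropy_truncates_large_ints(), max_random_number() and scale_to_range() are hypothetical, and the $emulate_truncation flag exists only so the out-of-range result can be reproduced on a correctly working build.

```php
<?php
// Added illustration, not the ticket's patch or WordPress core code.
// Function names are hypothetical; the 0xffffffff ceiling matches the
// 8-hex-digit values the ticket is concerned with.

// Detects the misbehaviour the ticket describes: a literal above
// PHP_INT_MAX compares equal to PHP_INT_MAX instead of having been
// promoted to a float.
function entropy_truncates_large_ints() {
    return 3000000000 === 2147483647;
}

// Largest value an 8-hex-digit string can decode to (0xffffffff).
// On a truncating build the value is produced from a string cast to
// float so the literal is never parsed as an int. The flag lets a
// working build take the same path for demonstration.
function max_random_number( $emulate_truncation = false ) {
    if ( $emulate_truncation || entropy_truncates_large_ints() ) {
        return (float) '4294967295';
    }
    return 4294967295;
}

// Maps a raw 32-bit value (0..0xffffffff, as hexdec() of 8 hex chars
// yields) onto [$min, $max]. $ceiling is what the caller believes
// 0xffffffff is; passing a truncated 2147483647 reproduces the
// out-of-range result the ticket reports.
function scale_to_range( $raw, $min, $max, $ceiling ) {
    $value = $min + ( ( $max - $min + 1 ) * ( $raw / ( $ceiling + 1 ) ) );
    return abs( intval( $value ) );
}

// Demonstration with the largest possible raw value.
$raw = hexdec( 'ffffffff' ); // 4294967295 on every build (a float on 32-bit)

// Ceiling as a truncating build sees the integer literal 4294967295.
$bad  = scale_to_range( $raw, 0, 9, 2147483647 );
// Ceiling built from the string cast, as the ticket's fix does.
$good = scale_to_range( $raw, 0, 9, max_random_number( true ) );

var_dump( $bad );  // int(19): outside the requested 0..9 range
var_dump( $good ); // int(9): inside the range
```

The arithmetic is the point: with the truncated ceiling the divisor becomes 2147483648, so the ratio can approach 2 and the scaled value lands at roughly twice the intended span; with the float ceiling the ratio stays below 1 and the result stays inside [$min, $max].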

The patch is also implemented as a plugin: http://wordpress.org/extend/plugins/wp-rand-for-entropy-php/",defect (bug),closed,normal,3.5,General,3.3,normal,fixed,has-patch health-check,
