id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
19571	wp_rand() can return a value outside the requested range	mdawaffe	westi	"On some 32-bit hosts, the Entropy builds of PHP truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them as floats.

{{{
var_dump( 3000000000 === 2147483647 ); // true
}}}

This can cause {{{wp_rand()}}} to return a value outside the requested range.  That unexpected value in turn breaks {{{wp_generate_password()}}}, which can have security ramifications.

The entropy builds of PHP can be downloaded from:
* http://taracque.hu/php5/
* http://www.entropy.ch/software/macosx/php/
* http://blog.liip.ch/archive/2011/04/13/php-5-3-for-os-x-10-6-one-line-installer.html
* http://php-osx.liip.ch/
* and probably others.  Entropy is somewhat popular in the OS X community.

Steps to reproduce:
1. Find an old 32-bit Mac.
2. curl -O '!http://taracque.hu/downloads/Entropy_PHP_5-3-8-0.zip'
3. unzip Entropy_PHP_5-3-8-0.zip
4. sudo installer -pkg Entropy_PHP_5-3-8-0.pkg -target ""/""
5. /usr/local/php5/bin/php -r 'var_dump( 3000000000 === 2147483647 );'

The attached patch to `wp_rand()` checks for the problem and creates the problematic large integer as a string cast to a float rather than as an int (which, on working PHP builds, would be implicitly cast to a float).

The patch is also implemented as a plugin: http://wordpress.org/extend/plugins/wp-rand-for-entropy-php/"	defect (bug)	closed	normal	3.5	General	3.3	normal	fixed	has-patch health-check	
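The range reduction the ticket describes, as an added example that is not the reporter's patch and not WordPress core code: it models the scaling step of wp_rand() (an 8-hex-digit sample divided by a maximum of 4294967295 and stretched into [$min, $max]) and runs it twice, once with the divisor base a correct build produces and once with the value 2147483647 that a truncating 32-bit build substitutes. The divisor base, the sample values and the 62-character alphabet size used for wp_generate_password() are assumptions made for the demonstration; the string-cast workaround mirrors the approach the patch takes.

```php
<?php
// Added example, not code from the ticket or from WordPress core. It models the
// range-reduction step of wp_rand(): an 8-hex-digit sample taken from a hash is
// scaled into [$min, $max] by dividing by ($max_random_number + 1). The divisor
// base 4294967295 (0xffffffff) is assumed; 2147483647 is what a build that
// truncates large integer literals to PHP_INT_MAX would use instead.

// Scale an 8-hex-digit sample into [$min, $max] using the given divisor base.
function scale_sample( $hex8, $min, $max, $max_random_number ) {
    $value = abs( hexdec( $hex8 ) );           // 0 .. 4294967295 (a float on 32-bit PHP)
    $value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 );
    return abs( intval( $value ) );
}

// Divisor base as the two kinds of build would see it. A correct build turns an
// integer literal above PHP_INT_MAX into a float; a truncating 32-bit build clamps
// it to 2147483647. The string cast is the workaround the ticket's patch relies on:
// a float parsed from a string is never subject to integer-literal truncation.
function max_random_number( $truncating_build ) {
    if ( $truncating_build ) {
        return 2147483647;                      // constructed to mimic the Entropy-build bug
    }
    return (float) "4294967295";                // what the divisor base should be
}

// The ticket's one-line detection, usable on the running interpreter.
function build_truncates_large_ints() {
    return 3000000000 === 2147483647;
}

// Constructed samples spanning the 32-bit sample space.
$samples = array( '00000000', '7fffffff', '80000000', 'ffffffff' );

// Assumed alphabet size for wp_generate_password(): 62 characters, so indices 0..61.
$min = 0;
$max = 61;

foreach ( array( false, true ) as $truncating ) {
    $base = max_random_number( $truncating );
    printf( "divisor base %s (%s)\n", var_export( $base, true ),
        $truncating ? 'truncating build' : 'correct build' );
    foreach ( $samples as $hex ) {
        $r = scale_sample( $hex, $min, $max, $base );
        printf( "  sample %s -> %d%s\n", $hex, $r, $r > $max ? '  OUT OF RANGE' : '' );
    }
}

printf( "this interpreter truncates large integer literals: %s\n",
    build_truncates_large_ints() ? 'yes' : 'no' );
```

With the correct base every sample lands in 0..61; with the truncated base the samples 80000000 and ffffffff scale to 62 and 123, past the end of the alphabet. An index past the end of the alphabet makes the substr() call in wp_generate_password() contribute an empty piece, which is how an out-of-range wp_rand() result shortens the generated password.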
