

Timestamp:
02/16/2022 09:17:04 PM (3 years ago)
Author:
SergeyBiryukov
Message:

External Libraries: Update random_compat to version 2.0.21.

The latest release includes improved compatibility with PHP 8.1, as well as some bug fixes for Windows platforms.

Release notes:
https://github.com/paragonie/random_compat/releases/tag/v2.0.21

For a full list of changes in this update, see the random_compat GitHub:
https://github.com/paragonie/random_compat/compare/v2.0.11...v2.0.21

Follow-up to [42130].

Props jrf, paragoninitiativeenterprises.
Fixes #55181.

File:
1 edited

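--- a/trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php
+++ b/trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php
@@ -1,11 +1,11 @@
 <?php
 /**
- * Random_* Compatibility Library 
+ * Random_* Compatibility Library
  * for using the new PHP 7 random_* API in PHP 5 projects
- * 
+ *
  * The MIT License (MIT)
  *
- * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
- * 
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
+ *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -14,8 +14,8 @@
  * copies of the Software, and to permit persons to whom the Software is
  * furnished to do so, subject to the following conditions:
- * 
+ *
  * The above copyright notice and this permission notice shall be included in
  * all copies or substantial portions of the Software.
- * 
+ *
  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
@@ -37,4 +37,5 @@
      *
      * Why we use /dev/urandom and not /dev/random
+     * @ref https://www.2uo.de/myths-about-urandom
      * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
      *
@@ -47,5 +48,7 @@
     function random_bytes($bytes)
     {
+        /** @var resource $fp */
         static $fp = null;
+
         /**
          * This block should only be run once
@@ -53,17 +56,37 @@
         if (empty($fp)) {
             /**
-             * We use /dev/urandom if it is a char device.
-             * We never fall back to /dev/random
+             * We don't want to ever read C:\dev\random, only /dev/urandom on
+             * Unix-like operating systems. While we guard against this
+             * condition in random.php, it doesn't hurt to be defensive in depth
+             * here.
+             *
+             * To that end, we only try to open /dev/urandom if we're on a Unix-
+             * like operating system (which means the directory separator is set
+             * to "/" not "\".
              */
-            $fp = fopen('/dev/urandom', 'rb');
-            if (!empty($fp)) {
-                $st = fstat($fp);
-                if (($st['mode'] & 0170000) !== 020000) {
-                    fclose($fp);
-                    $fp = false;
+            if (DIRECTORY_SEPARATOR === '/') {
+                if (!is_readable('/dev/urandom')) {
+                    throw new Exception(
+                        'Environment misconfiguration: ' .
+                        '/dev/urandom cannot be read.'
+                    );
+                }
+                /**
+                 * We use /dev/urandom if it is a char device.
+                 * We never fall back to /dev/random
+                 */
+                /** @var resource|bool $fp */
+                $fp = fopen('/dev/urandom', 'rb');
+                if (is_resource($fp)) {
+                    /** @var array<string, int> $st */
+                    $st = fstat($fp);
+                    if (($st['mode'] & 0170000) !== 020000) {
+                        fclose($fp);
+                        $fp = false;
+                    }
                 }
             }
 
-            if (!empty($fp)) {
+            if (is_resource($fp)) {
                 /**
                  * stream_set_read_buffer() does not exist in HHVM
@@ -84,4 +107,5 @@
 
         try {
+            /** @var int $bytes */
             $bytes = RandomCompat_intval($bytes);
         } catch (TypeError $ex) {
@@ -104,5 +128,5 @@
          * page load.
          */
-        if (!empty($fp)) {
+        if (is_resource($fp)) {
             /**
              * @var int
@@ -124,14 +148,12 @@
                 $read = fread($fp, $remaining);
                 if (!is_string($read)) {
-                    if ($read === false) {
-                        /**
-                         * We cannot safely read from the file. Exit the
-                         * do-while loop and trigger the exception condition
-                         *
-                         * @var string|bool
-                         */
-                        $buf = false;
-                        break;
-                    }
+                    /**
+                     * We cannot safely read from the file. Exit the
+                     * do-while loop and trigger the exception condition
+                     *
+                     * @var string|bool
+                     */
+                    $buf = false;
+                    break;
                 }
                 /**
@@ -140,11 +162,12 @@
                 $remaining -= RandomCompat_strlen($read);
                 /**
-                 * @var string|bool
+                 * @var string $buf
                  */
-                $buf = $buf . $read;
+                $buf .= $read;
             } while ($remaining > 0);
 
             /**
              * Is our result valid?
+             * @var string|bool $buf
              */
             if (is_string($buf)) {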
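Review bot: In the new `/dev/urandom` open path (new lines 79–86), the result of `fstat($fp)` is indexed without first checking that it is an array. A failed `fstat()` is therefore rejected only because `false['mode']` evaluates to null, which also raises a warning on PHP 8. Making the fail-closed branch explicit would read better: `if (!is_array($st) || ($st['mode'] & 0170000) !== 020000) {`. The `/** @var resource $fp */` added above `static $fp = null;` is narrower than the values the variable actually holds (null, false or a stream); `/** @var resource|bool|null $fp */` would agree with the `resource|bool` annotation used before the `fopen()` call. The body of random_bytes() continues outside the visible hunks, and since this is a bundled copy of random_compat, both changes would belong upstream.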