Opened 13 years ago
Closed 12 years ago
#19571 closed defect (bug) (fixed)
wp_rand() can return a value outside the requested range
| Reported by: | mdawaffe | Owned by: | westi |
|---|---|---|---|
| Milestone: | 3.5 | Priority: | normal |
| Severity: | normal | Version: | 3.3 |
| Component: | General | Keywords: | has-patch health-check |
| Focuses: | | Cc: | |
Description
On some 32bit hosts, the Entropy builds of PHP truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them as floats.
```php
var_dump( 3000000000 === 2147483647 ); // true
```
This can cause wp_rand() to return a value outside the requested range. That unexpected value in turn breaks wp_generate_password(), which can have security ramifications.
The entropy builds of PHP can be downloaded from:
- http://taracque.hu/php5/
- http://www.entropy.ch/software/macosx/php/
- http://blog.liip.ch/archive/2011/04/13/php-5-3-for-os-x-10-6-one-line-installer.html
- http://php-osx.liip.ch/
- and probably others. Entropy is somewhat popular in the OS X community.
Steps to reproduce:
- Find an old 32bit Mac.
- `curl -O 'http://taracque.hu/downloads/Entropy_PHP_5-3-8-0.zip'`
- `unzip Entropy_PHP_5-3-8-0.zip`
- `sudo installer -pkg Entropy_PHP_5-3-8-0.pkg -target "/"`
- `/usr/local/php5/bin/php -r 'var_dump( 3000000000 === 2147483647 );'`
The attached patch to wp_rand() checks for the problem and creates the problematic large integer as a string cast to a float rather than as an int (which, on working PHP builds, would be implicitly cast to a float).
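The following is an added illustration, not the ticket's patch and not WordPress core code. It models the range-scaling step the ticket describes (an 8-hex-digit chunk from 0 to 0xffffffff is mapped onto [$min, $max] by dividing by a constant one larger than the chunk's maximum) so that the effect of the truncated literal can be seen on any PHP build, 64-bit included, by passing the divisor in explicitly. The function names `php_truncates_large_ints`, `max_random_number`, `scale_to_range` and `in_range`, the sample chunk and the character set are all constructed for this example.

```php
<?php
// Added example (hypothetical helpers, not the ticket's patch or WordPress
// core). The constant 4294967295 (0xffffffff) is above PHP_INT_MAX on 32-bit
// PHP; a build that truncates oversized literals to PHP_INT_MAX instead of
// promoting them to float silently halves the divisor used for scaling.

// Detection check, the same idea as the ticket's one-liner: on a correct build
// the literal becomes a float, so a strict comparison with an int cannot be true.
function php_truncates_large_ints() {
    return 3000000000 === 2147483647;
}

// Build the divisor the way the ticket's patch describes: as a string cast to
// a float, which the literal-truncation bug does not affect. On healthy builds
// a plain literal is already a float (32-bit) or an int (64-bit).
function max_random_number() {
    return php_truncates_large_ints() ? (float) "4294967295" : 4294967295;
}

// $max_random_number is a parameter so the broken and the corrected constant
// can be compared side by side on any build.
function scale_to_range( $hex, $min, $max, $max_random_number ) {
    $value = abs( hexdec( $hex ) );   // hexdec() yields a float above PHP_INT_MAX
    $value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 );
    return abs( intval( $value ) );
}

function in_range( $value, $min, $max ) {
    return $value >= $min && $value <= $max;
}

// Constructed worst-case chunk: every bit set, the largest 8-digit hexdec() output.
$chunk = 'ffffffff';

// What a truncating build effectively divides by: 32-bit PHP_INT_MAX.
$truncated = 2147483647;

$bad  = scale_to_range( $chunk, 0, 9, $truncated );          // overshoots [0, 9]
$good = scale_to_range( $chunk, 0, 9, max_random_number() ); // stays inside [0, 9]

printf( "truncated divisor:   %d (in range: %s)\n", $bad,  in_range( $bad,  0, 9 ) ? 'yes' : 'no' );
printf( "string-cast divisor: %d (in range: %s)\n", $good, in_range( $good, 0, 9 ) ? 'yes' : 'no' );

// Why the range matters for a password generator: the result is used as an
// index into the character set, and an index past the end selects no
// character at all (substr() returns "" or false depending on PHP version),
// so the generated password comes out shorter than requested.
$chars = '0123456789';  // constructed character set
printf( "characters selected with the bad index: %d\n", strlen( (string) substr( $chars, $bad, 1 ) ) );
```

With the worst-case chunk the broken divisor gives 10 * 4294967295 / 2147483648, just under 20, so the scaled value lands at 19 for a [0, 9] request; the string-cast divisor gives 10 * 4294967295 / 4294967296, just under 10, which stays at 9. The detection check costs nothing and is safe to leave in place on healthy builds, since the ternary simply falls through to the ordinary literal there.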
The patch is also implemented as a plugin: http://wordpress.org/extend/plugins/wp-rand-for-entropy-php/
PS: Installing entropy edits the apache configs that come with OS X.