PHP :: Bug #71679 :: open_basedir is reportedly making mcrypt_create

Bug #71679	open_basedir is reportedly making mcrypt_create_iv() hang
Submitted:	2016-02-27 19:17 UTC	Modified:	2016-02-29 00:15 UTC
From:	scott at paragonie dot com	Assigned:
Status:	Closed	Package:	Safe Mode/open_basedir
PHP Version:	Irrelevant	OS:	Unix-like
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	scott at paragonie dot com
New email:
PHP Version:		OS:

New Comment:

[2016-02-27 19:17 UTC] scott at paragonie dot com

Description:
------------
Reference: 

https://github.com/paragonie/random_compat/issues/90

https://github.com/paragonie/random_compat/commit/144415fe86991730ac53e727abf3701b60295607#commitcomment-16367551

Test script:
---------------
// With open_basedir set to not allow reading /dev
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
var_dump($iv);

Expected result:
----------------
$iv should be quickly populated with 16 random bytes of data

Actual result:
--------------
Process hangs at 100% CPU usage

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-02-28 02:59 UTC] yohgaki@php.net

Hmm. I cannot reproduce the delay. How long does it take on your PC? It seems immediate on my PC.

I get strange output from PHP 7. This should be irrelevant.

[yohgaki@dev github-php-src]$ uname -a
Linux dev 4.3.5-300.fc23.x86_64 #1 SMP Mon Feb 1 03:18:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


[yohgaki@dev github-php-src]$ phpenv global 5.5.21
[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd`
<?php
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);                                                
var_dump($iv);

string(16) "�K4�w�@�X��K
                          �"

[yohgaki@dev github-php-src]$ php global 5.6.6
Could not open input file: global
[yohgaki@dev github-php-src]$ phpenv global 5.6.5
[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd`
<?php
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);                                                
var_dump($iv);

string(16) "���P�)�%
                        �g"
[yohgaki@dev github-php-src]$ phpenv global 7.0.3
[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd`
<?php
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);                                                
var_dump($iv);

-:3:
string(16) "��F�9<Y��qÚؓ�G"

[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd` -r 'echo file_get_contents("/dev/urandom", false, null, 0, 100);'
PHP Warning:  file_get_contents(): open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s): (/home/yohgaki/git/oss/php.net/github-php-src) in Command line code on line 1
PHP Stack trace:
PHP   1. {main}() Command line code:0
PHP   2. file_get_contents() Command line code:1
PHP Warning:  file_get_contents(/dev/urandom): failed to open stream: Operation not permitted in Command line code on line 1

[2016-02-29 00:15 UTC] security at paragonie dot com

This appears to be a duplicate of https://bugs.php.net/bug.php?id=69833

[2016-02-29 00:15 UTC] scott at paragonie dot com

-Status: Open +Status: Closed

[2016-02-29 00:15 UTC] scott at paragonie dot com

Closing.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Oct 25 09:00:02 2025 UTC