php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #71679 open_basedir is reportedly making mcrypt_create_iv() hang
Submitted: 2016-02-27 19:17 UTC Modified: 2016-02-29 00:15 UTC
From: scott at paragonie dot com Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: Irrelevant OS: Unix-like
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: scott at paragonie dot com
New email:
PHP Version: OS:

 

 [2016-02-27 19:17 UTC] scott at paragonie dot com 
Description:
------------
Reference: 

https://github.com/paragonie/random_compat/issues/90

https://github.com/paragonie/random_compat/commit/144415fe86991730ac53e727abf3701b60295607#commitcomment-16367551

Test script:
---------------
// With open_basedir set to not allow reading /dev
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
var_dump($iv);

Expected result:
----------------
$iv should be quickly populated with 16 random bytes of data

Actual result:
--------------
Process hangs at 100% CPU usage

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-02-28 02:59 UTC] yohgaki@php.net 
Hmm. I cannot reproduce the delay. How long does it take on your PC? It seems immediate on my PC.

I get strange output from PHP 7. This should be irrelevant.

[yohgaki@dev github-php-src]$ uname -a
Linux dev 4.3.5-300.fc23.x86_64 #1 SMP Mon Feb 1 03:18:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


[yohgaki@dev github-php-src]$ phpenv global 5.5.21
[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd`
<?php
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);                                                
var_dump($iv);

string(16) "�K4�w�@�X��K
                          �"

[yohgaki@dev github-php-src]$ php global 5.6.6
Could not open input file: global
[yohgaki@dev github-php-src]$ phpenv global 5.6.5
[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd`
<?php
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);                                                
var_dump($iv);

string(16) "���P�)�%
                        �g"
[yohgaki@dev github-php-src]$ phpenv global 7.0.3
[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd`
<?php
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);                                                
var_dump($iv);

-:3:
string(16) "��F�9<Y��qÚؓ�G"

[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd` -r 'echo file_get_contents("/dev/urandom", false, null, 0, 100);'
PHP Warning:  file_get_contents(): open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s): (/home/yohgaki/git/oss/php.net/github-php-src) in Command line code on line 1
PHP Stack trace:
PHP   1. {main}() Command line code:0
PHP   2. file_get_contents() Command line code:1
PHP Warning:  file_get_contents(/dev/urandom): failed to open stream: Operation not permitted in Command line code on line 1
 [2016-02-29 00:15 UTC] security at paragonie dot com 
This appears to be a duplicate of https://bugs.php.net/bug.php?id=69833
 [2016-02-29 00:15 UTC] scott at paragonie dot com
-Status: Open +Status: Closed
 [2016-02-29 00:15 UTC] scott at paragonie dot com 
Closing.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Jul 06 20:01:35 2025 UTC