Doc Bug #50943 rand/mt_rand not seeded for every request
Submitted: 2010-02-05 23:37 UTC Modified: 2010-02-24 01:00 UTC
From: maarten-baert at hotmail dot com Assigned:
Status: No Feedback Package: Documentation problem
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None

 [2010-02-05 23:37 UTC] maarten-baert at hotmail dot com
Description:
------------
Rand/mt_rand is not seeded automatically for every request: if I use srand/mt_srand the results of rand/mt_rand in future requests (even in other scripts) are also affected.

The server uses PHP Version 5.2.4-2ubuntu5.9, I can't update it so I'm not sure whether this has been fixed in future versions. I can't reproduce this on my own computer (using CLI).

Maybe this isn't a bug, but the documentation claims the random number generator is seeded automatically, so if anyone uses rand/mt_rand to generate tokens, captchas (like me), or any other kind of security-related random data, an attacker could use this to get the same data every time.

Reproduce code:
---------------
<?php

echo rand(1,1000);
srand(5);

// OR

echo mt_rand(1,1000);
mt_srand(5);

?>

Expected result:
----------------
I expected to see a random number every time I refresh the page.


Actual result:
--------------
The first time I get a random number, but after that I always get 275 (rand) or 775 (mt_rand).

 [2010-02-16 11:18 UTC] degeberg@php.net
I cannot duplicate this on PHP 5.3.1 or 5.2.4. My guess is that this is caused by Ubuntu-specific changes. Otherwise you would have to provide more information about your setup.

================
daniel@daniel-laptop:~$ cat test.php
<?php
echo rand(1,1000);
srand(5);

echo PHP_EOL;
?>
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cli/php --version
PHP 5.2.4 (cli) (built: Feb 16 2010 11:59:06) 
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cli/php test.php
277
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cli/php test.php
961
daniel@daniel-laptop:~$ php --version
PHP 5.3.1 (cli) (built: Dec 11 2009 19:55:07) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
daniel@daniel-laptop:~$ php test.php
459
daniel@daniel-laptop:~$ php test.php
329
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cgi/php-cgi test.php
X-Powered-By: PHP/5.2.4
Content-type: text/html

124
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cgi/php-cgi test.php
X-Powered-By: PHP/5.2.4
Content-type: text/html

114
================
 [2010-02-24 01:00 UTC] doc-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
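
The risk raised in the report, as an added example (not code from the thread or from PHP itself): once the mt_rand() generator state is fixed by a known seed, every captcha or token derived from it repeats, while random_int() and random_bytes() (PHP 7.0+) are unaffected by mt_srand(). Calling the generators back to back in one script stands in for consecutive requests served by one worker process, which is an assumption about the reporter's setup; all function names are hypothetical.

```php
<?php
// Added example: weak vs. hardened generation of a captcha code.

// Weak: the code is a pure function of the Mersenne Twister state, so a
// known or leftover seed makes it repeatable.
function captcha_weak(): string
{
    $code = '';
    for ($i = 0; $i < 6; $i++) {
        $code .= mt_rand(0, 9);
    }
    return $code;
}

// Hardened: random_int() draws from the operating system CSPRNG and does
// not consult the state set by srand()/mt_srand().
function captcha_strong(): string
{
    $code = '';
    for ($i = 0; $i < 6; $i++) {
        $code .= random_int(0, 9);
    }
    return $code;
}

// Hardened token for sessions, password resets and similar uses.
function token_strong(): string
{
    return bin2hex(random_bytes(16));
}

// Each round repeats what the reproduce script does last (seed with 5),
// then produces a value as the next "request" in the same process would.
function simulate(callable $generator, int $rounds = 3): array
{
    $out = [];
    for ($i = 0; $i < $rounds; $i++) {
        mt_srand(5);
        $out[] = $generator();
    }
    return $out;
}

$weak = simulate('captcha_weak');
printf("mt_rand captcha:    %s\n", implode(' ', $weak));
printf("random_int captcha: %s\n", implode(' ', simulate('captcha_strong')));
printf("random_bytes token: %s\n", implode(' ', simulate('token_strong')));
printf("mt_rand values all identical: %s\n",
    count(array_unique($weak)) === 1 ? 'yes' : 'no');
```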
 
Last updated: Thu Mar 28 14:01:29 2024 UTC