php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70742 random_bytes() fails when the SYSTEMROOT env var is empty
Submitted: 2015-10-19 14:56 UTC Modified: 2015-10-20 14:51 UTC
From: nicolas dot grekas+php at gmail dot com Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 7.0.0RC5 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: nicolas dot grekas+php at gmail dot com
New email:
PHP Version: OS:

 

 [2015-10-19 14:56 UTC] nicolas dot grekas+php at gmail dot com
Description:
------------
On Windows, both random_bytes and mcrypt_create_iv fail when the SYSTEMROOT env var is not set.

Test script:
---------------
<?php

putenv('SYSTEMROOT=');

echo strlen(random_bytes(1));

Expected result:
----------------
1

Actual result:
--------------
PHP Warning:  mcrypt_create_iv(): Could not gather sufficient random data

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-20 11:16 UTC] ab@php.net
-Status: Open +Status: Not a bug
 [2015-10-20 11:16 UTC] ab@php.net
Thanks for the report. Why would you want to manipulate this env variable? Doing so, you'll probably break not only this but many other things.

In this particular case, since the default crypto service provider is used, the corresponding DLL will fail to load. Consequently CryptAcquireContext() will fail. This is expected behavior.

Thanks.
 [2015-10-20 13:09 UTC] nicolas dot grekas+php at gmail dot com
"Not a bug" is fine by me, I mostly wanted to get feedback on this behaviour and document it somewhere.
This can happen more frequently by using proc_open(): when one sets the $env argument, it's easy to miss some important vars there.
 [2015-10-20 14:51 UTC] ab@php.net
OK, I didn't think about it from this POV, but yes -proc_open() actually doesn't merge env. Btw. it'll be much easier in 7.1, getenv() without arguments will deliver the whole env vars (Ferenc already merged it).

Thanks.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Mar 30 20:01:24 2020 UTC