php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #70742 random_bytes() fails when the SYSTEMROOT env var is empty
Submitted: 2015-10-19 14:56 UTC Modified: 2015-10-20 14:51 UTC
From: nicolas dot grekas+php at gmail dot com Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 7.0.0RC5 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
46 + 40 = ?
Subscribe to this entry?

 
 [2015-10-19 14:56 UTC] nicolas dot grekas+php at gmail dot com 
Description:
------------
On Windows, both random_bytes and mcrypt_create_iv fail when the SYSTEMROOT env var is not set.

Test script:
---------------
<?php

putenv('SYSTEMROOT=');

echo strlen(random_bytes(1));

Expected result:
----------------
1

Actual result:
--------------
PHP Warning:  mcrypt_create_iv(): Could not gather sufficient random data

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-20 11:16 UTC] ab@php.net
-Status: Open +Status: Not a bug
 [2015-10-20 11:16 UTC] ab@php.net 
Thanks for the report. Why would you want to manipulate this env variable? Doing so, you'll probably break not only this but many other things.

In this particular case, since the default crypto service provider is used, the corresponding DLL will fail to load. Consequently CryptAcquireContext() will fail. This is expected behavior.

Thanks.
 [2015-10-20 13:09 UTC] nicolas dot grekas+php at gmail dot com 
"Not a bug" is fine by me, I mostly wanted to get feedback on this behaviour and document it somewhere.
This can happen more frequently by using proc_open(): when one sets the $env argument, it's easy to miss some important vars there.
 [2015-10-20 14:51 UTC] ab@php.net 
OK, I didn't think about it from this POV, but yes -proc_open() actually doesn't merge env. Btw. it'll be much easier in 7.1, getenv() without arguments will deliver the whole env vars (Ferenc already merged it).

Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 22:01:29 2024 UTC