php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #71679 open_basedir is reportedly making mcrypt_create_iv() hang
Submitted: 2016-02-27 19:17 UTC Modified: 2016-02-29 00:15 UTC
From: scott at paragonie dot com Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: Irrelevant OS: Unix-like
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2016-02-27 19:17 UTC] scott at paragonie dot com 
Description:
------------
Reference: 

https://github.com/paragonie/random_compat/issues/90

https://github.com/paragonie/random_compat/commit/144415fe86991730ac53e727abf3701b60295607#commitcomment-16367551

Test script:
---------------
// With open_basedir set to not allow reading /dev
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
var_dump($iv);

Expected result:
----------------
$iv should be quickly populated with 16 random bytes of data

Actual result:
--------------
Process hangs at 100% CPU usage

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-02-28 02:59 UTC] yohgaki@php.net 
Hmm. I cannot reproduce the delay. How long does it take on your PC? It seems immediate on my PC.

I get strange output from PHP 7. This should be irrelevant.

[yohgaki@dev github-php-src]$ uname -a
Linux dev 4.3.5-300.fc23.x86_64 #1 SMP Mon Feb 1 03:18:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


[yohgaki@dev github-php-src]$ phpenv global 5.5.21
[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd`
<?php
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);                                                
var_dump($iv);

string(16) "�K4�w�@�X��K
                          �"

[yohgaki@dev github-php-src]$ php global 5.6.6
Could not open input file: global
[yohgaki@dev github-php-src]$ phpenv global 5.6.5
[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd`
<?php
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);                                                
var_dump($iv);

string(16) "���P�)�%
                        �g"
[yohgaki@dev github-php-src]$ phpenv global 7.0.3
[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd`
<?php
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);                                                
var_dump($iv);

-:3:
string(16) "��F�9<Y��qÚؓ�G"

[yohgaki@dev github-php-src]$ php -d open_basedir=`pwd` -r 'echo file_get_contents("/dev/urandom", false, null, 0, 100);'
PHP Warning:  file_get_contents(): open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s): (/home/yohgaki/git/oss/php.net/github-php-src) in Command line code on line 1
PHP Stack trace:
PHP   1. {main}() Command line code:0
PHP   2. file_get_contents() Command line code:1
PHP Warning:  file_get_contents(/dev/urandom): failed to open stream: Operation not permitted in Command line code on line 1
 [2016-02-29 00:15 UTC] security at paragonie dot com 
This appears to be a duplicate of https://bugs.php.net/bug.php?id=69833
 [2016-02-29 00:15 UTC] scott at paragonie dot com
-Status: Open +Status: Closed
 [2016-02-29 00:15 UTC] scott at paragonie dot com 
Closing.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 20 00:01:27 2024 UTC