php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74175 php_random_bytes() failing with php built on system where SYS_getrandom is defnd
Submitted: 2017-02-27 13:11 UTC Modified: 2017-02-27 15:48 UTC
From: lbarnaud@php.net Assigned:
Status: Duplicate Package: Unknown/Other Function
PHP Version: 7.1.2 OS: Linux
Private report: No CVE-ID: None
 [2017-02-27 13:11 UTC] lbarnaud@php.net
Description:
------------
- Built PHP on a system where the SYS_getrandom macro is defined
- Ran the executable on a Kernel that doesn't implement this syscall
- php_random_bytes() is unable to generate random bytes (always returns FAILURE)

I stumbled upon this issue by running a "php:7-alpine" Docker container (from https://hub.docker.com/_/php/) on a Debian 8 with a 3.16 kernel. The getrandom syscall is apparently implemented in linux 3.17.

The problem became visible when session_regenerate_id() failed with the following error:

    Failed to create new session ID: user (path: /sessions)

Which I traced to php_random_bytes() returning FAILURE.

Expected result:
----------------
php_random_bytes() could fallback to other methods, such as readon /dev/urandom, when the "getrandom" syscall is not implemented by the kernel.

Actual result:
--------------
php_random_bytes() calls syscall(SYS_getrandom, ...). This returns -1, with errno=38. php_random_bytes() returns FAILURE.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-02-27 13:14 UTC] lbarnaud@php.net
-Summary: php_random_bytes() failing with built on system where SYS_getrandom is defined +Summary: php_random_bytes() failing with php built on system where SYS_getrandom is defnd
 [2017-02-27 15:48 UTC] requinix@php.net
-Status: Open +Status: Duplicate
 [2017-02-27 15:48 UTC] requinix@php.net
Duplicate of bug #74105 which has been fixed in master.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 14:01:29 2024 UTC