php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75409 accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing
Submitted: 2017-10-20 09:44 UTC Modified: 2017-11-03 19:03 UTC
From: martin dot zdrahal at s-team dot at Assigned: sarciszewski (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: 7.1.10 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: martin dot zdrahal at s-team dot at
New email:
PHP Version: OS:

 

 [2017-10-20 09:44 UTC] martin dot zdrahal at s-team dot at
Description:
------------
When running php -r '\random_int(0,20);' on my QNAP NAS, PHP always returns an error. The kernel on my NAS returns EPERM instead of ENOSYS, thus degrading to /dev/urandom does not happen.
This has been fixed in python a while back (https://bugs.python.org/issue27955, albeit it does not catch EFAULT).

I suspect this behaviour exists in every PHP version that uses the getrandom() syscall

Test script:
---------------
\random_int(0,20);

Actual result:
--------------
PHP Fatal error:  Uncaught Exception: Could not gather sufficient random data in Command line code:1
Stack trace:
#0 Command line code(1): random_int(0, 20)
#1 {main}
  thrown in Command line code on line 1

strace output:

getrandom(0xbde13510, 4, 0)             = -1 EFAULT (Bad address)
brk(0xb6587000)                         = 0xb6587000
writev(2, [{iov_base="", iov_len=0}, {iov_base="PHP Fatal error:  Uncaught Excep"..., iov_len=206}], 2PHP Fatal error:  Uncaught Exception: Could not gather sufficient random data in Command line code:1
Stack trace:
#0 Command line code(1): random_int(0, 20)
#1 {main}
  thrown in Command line code on line 1) = 206
writev(2, [{iov_base="\n", iov_len=1}, {iov_base=NULL, iov_len=0}], 2

Patches

accept-eperm-and-efault-for-missing-syscall (last revision 2017-10-20 09:45 UTC by martin dot zdrahal at s-team dot at)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-20 19:43 UTC] kalle@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: sammyk
 [2017-10-20 19:43 UTC] kalle@php.net
Assigning to Sammy, our random_*() magic implementor guy :)
 [2017-10-20 19:49 UTC] nikic@php.net
I'm a bit skeptical here. I can understand handling EPERM, but EFAULT would generally imply an error on *our* side, not something that should be silently ignored.
 [2017-10-21 18:11 UTC] security at paragonie dot com
EPERM is not supposed to be returned by this system call. That means that QNAP is behaving weirdly and the problem should be fixed on their side.

If a QNAP-specific workaround is desired, first we will need to ensure it's only ever employed on QNAP kernels. Is there a way to detect them at compile-time?
 [2017-10-21 18:17 UTC] security at paragonie dot com
After checking with Frank Denis, all responses except EINTR or EAGAIN should fallback to /dev/urandom. https://twitter.com/jedisct1/status/921801560006504450

So, let's make sure that is happening.
 [2017-11-03 19:03 UTC] sammyk@php.net
-Assigned To: sammyk +Assigned To: sarciszewski
 [2017-11-22 03:03 UTC] security at paragonie dot com
This should fix this issue. I hope the fix can be backported into 7.0, 7.1, and 7.2 for the next, next, and first (respectively) releases.

https://github.com/php/php-src/pull/2932/commits/9aadac9778096290c6d85946fabbe5c883a9f723
 [2017-11-22 04:33 UTC] krakjoe@php.net
Automatic comment on behalf of scott@paragonie.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=269d1601596341f574ff6c875a826ce2b671f1f0
Log: Fix bug #75409
 [2017-11-22 04:33 UTC] krakjoe@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 22:01:26 2024 UTC