Patch do-not-screw-with-random-seed.patch for solr Bug #62835
Patch version 2012-08-29 11:27 UTC
Return to Bug #62835 |
Download this patch
Patch Revisions:
Developer: glen@delfi.ee
DO NOT SCREW WITH RANDOM SEED
Do not initialize the seed with srand or mt_srand, it is already initialized
since PHP 4.2.0 (See the docs). And if you initialize it with time or microtime
you make it only more worse (predictable).
And initializing random seed with predictable value is extremely stupid.
I had situation that three machines simulatenously produced temporary directory
names based on random generator, and they all got same results, this is utterly
screwed up up the application!
Jul 6 10:37:26 segusilm php.fcgi: PHP Fatal error: Uncaught exception 'Exception' with message 'Can't mkdir '/tmp/foo_UZNHCMUDWZ/archive': mkdir(): File exists' in /usr/share/foo/lib/plugins/Plugin.php:127
Jul 6 10:37:26 lordi php.fcgi: PHP Warning: unlink(/tmp/foo_UZNHCMUDWZ/archive/title.inc): No such file or directory in /usr/share/foo/lib/helper/OutputHelper.php on line 68
it is strongly recommended for PHP application developers to keep their fingers
away from srand() or mt_srand() and to never ever use rand() or mt_rand() for
cryptographic secrets:
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
Bugreport: https://bugs.php.net/bug.php?id=62835
Source: http://cvs.pld-linux.org/packages/php-pecl-solr/do-not-screw-with-random-seed.patch
Signed-Off-By: Elan Ruusamäe <glen@pld-linux.org>
Tested-By: Elan Ruusamäe <glen@delfi.ee>
--- php-pecl-solr-1.0.2/php_solr.c~ 2011-11-29 04:50:07.000000000 +0200
+++ php-pecl-solr-1.0.2/php_solr.c 2012-07-06 18:15:25.730180032 +0300
@@ -1082,9 +1082,6 @@
/* Always NULL. Kept for API backward compatibility purposes only */
hash_func_t pHashFunction = NULL;
- /* initialize random seed */
- srand(time(NULL));
-
ALLOC_HASHTABLE(SOLR_GLOBAL(documents));
ALLOC_HASHTABLE(SOLR_GLOBAL(clients));
ALLOC_HASHTABLE(SOLR_GLOBAL(params));
|
Copyright © 2001-2024 The PHP Group