diff -r c7c34916027a -r 177826044cd9 wp/wp-includes/random_compat/random_bytes_dev_urandom.php --- a/wp/wp-includes/random_compat/random_bytes_dev_urandom.php Mon Oct 14 18:06:33 2019 +0200 +++ b/wp/wp-includes/random_compat/random_bytes_dev_urandom.php Mon Oct 14 18:28:13 2019 +0200 @@ -4,8 +4,8 @@ * for using the new PHP 7 random_* API in PHP 5 projects * * The MIT License (MIT) - * - * Copyright (c) 2015 Paragon Initiative Enterprises + * + * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -30,121 +30,138 @@ define('RANDOM_COMPAT_READ_BUFFER', 8); } -if ( ! is_callable( 'random_bytes' ) ): -/** - * Unless open_basedir is enabled, use /dev/urandom for - * random numbers in accordance with best practices - * - * Why we use /dev/urandom and not /dev/random - * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers - * - * @param int $bytes - * - * @throws Exception - * - * @return string - */ -function random_bytes($bytes) -{ - static $fp = null; +if (!is_callable('random_bytes')) { /** - * This block should only be run once + * Unless open_basedir is enabled, use /dev/urandom for + * random numbers in accordance with best practices + * + * Why we use /dev/urandom and not /dev/random + * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers + * + * @param int $bytes + * + * @throws Exception + * + * @return string */ - if (empty($fp)) { + function random_bytes($bytes) + { + static $fp = null; /** - * We use /dev/urandom if it is a char device. - * We never fall back to /dev/random + * This block should only be run once */ - $fp = fopen('/dev/urandom', 'rb'); - if (!empty($fp)) { - $st = fstat($fp); - if (($st['mode'] & 0170000) !== 020000) { - fclose($fp); - $fp = false; + if (empty($fp)) { + /** + * We use /dev/urandom if it is a char device. + * We never fall back to /dev/random + */ + $fp = fopen('/dev/urandom', 'rb'); + if (!empty($fp)) { + $st = fstat($fp); + if (($st['mode'] & 0170000) !== 020000) { + fclose($fp); + $fp = false; + } + } + + if (!empty($fp)) { + /** + * stream_set_read_buffer() does not exist in HHVM + * + * If we don't set the stream's read buffer to 0, PHP will + * internally buffer 8192 bytes, which can waste entropy + * + * stream_set_read_buffer returns 0 on success + */ + if (is_callable('stream_set_read_buffer')) { + stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER); + } + if (is_callable('stream_set_chunk_size')) { + stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER); + } } } + try { + $bytes = RandomCompat_intval($bytes); + } catch (TypeError $ex) { + throw new TypeError( + 'random_bytes(): $bytes must be an integer' + ); + } + + if ($bytes < 1) { + throw new Error( + 'Length must be greater than 0' + ); + } + + /** + * This if() block only runs if we managed to open a file handle + * + * It does not belong in an else {} block, because the above + * if (empty($fp)) line is logic that should only be run once per + * page load. + */ if (!empty($fp)) { /** - * stream_set_read_buffer() does not exist in HHVM - * - * If we don't set the stream's read buffer to 0, PHP will - * internally buffer 8192 bytes, which can waste entropy - * - * stream_set_read_buffer returns 0 on success + * @var int + */ + $remaining = $bytes; + + /** + * @var string|bool + */ + $buf = ''; + + /** + * We use fread() in a loop to protect against partial reads */ - if (function_exists('stream_set_read_buffer')) { - stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER); - } - if (function_exists('stream_set_chunk_size')) { - stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER); + do { + /** + * @var string|bool + */ + $read = fread($fp, $remaining); + if (!is_string($read)) { + if ($read === false) { + /** + * We cannot safely read from the file. Exit the + * do-while loop and trigger the exception condition + * + * @var string|bool + */ + $buf = false; + break; + } + } + /** + * Decrease the number of bytes returned from remaining + */ + $remaining -= RandomCompat_strlen($read); + /** + * @var string|bool + */ + $buf = $buf . $read; + } while ($remaining > 0); + + /** + * Is our result valid? + */ + if (is_string($buf)) { + if (RandomCompat_strlen($buf) === $bytes) { + /** + * Return our random entropy buffer here: + */ + return $buf; + } } } - } - try { - $bytes = RandomCompat_intval($bytes); - } catch (TypeError $ex) { - throw new TypeError( - 'random_bytes(): $bytes must be an integer' - ); - } - - if ($bytes < 1) { - throw new Error( - 'Length must be greater than 0' + /** + * If we reach here, PHP has failed us. + */ + throw new Exception( + 'Error reading from source device' ); } - - /** - * This if() block only runs if we managed to open a file handle - * - * It does not belong in an else {} block, because the above - * if (empty($fp)) line is logic that should only be run once per - * page load. - */ - if (!empty($fp)) { - $remaining = $bytes; - $buf = ''; - - /** - * We use fread() in a loop to protect against partial reads - */ - do { - $read = fread($fp, $remaining); - if ($read === false) { - /** - * We cannot safely read from the file. Exit the - * do-while loop and trigger the exception condition - */ - $buf = false; - break; - } - /** - * Decrease the number of bytes returned from remaining - */ - $remaining -= RandomCompat_strlen($read); - $buf .= $read; - } while ($remaining > 0); - - /** - * Is our result valid? - */ - if ($buf !== false) { - if (RandomCompat_strlen($buf) === $bytes) { - /** - * Return our random entropy buffer here: - */ - return $buf; - } - } - } - - /** - * If we reach here, PHP has failed us. - */ - throw new Exception( - 'Error reading from source device' - ); } -endif;