diff options
| author | Robin Appelman <icewind@owncloud.com> | 2014-08-29 10:50:39 +0200 |
|---|---|---|
| committer | Robin Appelman <icewind@owncloud.com> | 2014-08-29 15:44:09 +0200 |
| commit | dd7b8e4555d3ad091f802f7d72ab38d38d632ea8 (patch) | |
| tree | 5d11f839f7e99546b9f0496f8c68ff6a4a1b3567 /lib | |
| parent | 033b0361edb206ac3c8303a0d8003fd6752d6f75 (diff) | |
| download | nextcloud-server-dd7b8e4555d3ad091f802f7d72ab38d38d632ea8.tar.gz nextcloud-server-dd7b8e4555d3ad091f802f7d72ab38d38d632ea8.zip | |
Remove insecure fallback random number generation
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/private/util.php | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/lib/private/util.php b/lib/private/util.php index c79f374771c..ad078e8a44c 100755 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -1208,6 +1208,7 @@ class OC_Util { * * @param int $length of the random string * @return string + * @throws Exception when no secure RNG source is available * Please also update secureRNGAvailable if you change something here */ public static function generateRandomBytes($length = 30) { @@ -1228,17 +1229,8 @@ class OC_Util { } } - // Fallback to mt_rand() - $characters = '0123456789'; - $characters .= 'abcdefghijklmnopqrstuvwxyz'; - $charactersLength = strlen($characters) - 1; - $pseudoByte = ""; - - // Select some random characters - for ($i = 0; $i < $length; $i++) { - $pseudoByte .= $characters[mt_rand(0, $charactersLength)]; - } - return $pseudoByte; + // No random numbers are better then bad random numbers + throw new \Exception('No secure random number generator available, please install the php-openssl extension'); } /** |