3 files changed, 26 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index 50759a8..c212737 100644
--- a/Changelog
+++ b/Changelog
@@ -8,6 +8,7 @@
    - Added php_win32_get_random_bytes for windows compatibility in random seeding
    - Added suhosin.rand.seedingkey for INI supplied additional entropy string (idea DavisNT)
    - Added suhosin.rand.reseed_every_request to allow reseeding on every request (idea DavisNT)
+    - Changed that calls to srand() / mt_srand() will trigger auto reseeding (idea DavisNT)
    - Added LICENSE file to make distributions happy
 2014-02-24 - 0.9.35
diff --git a/execute.c b/execute.c
index 103a8bf..1f7cf15 100644
--- a/execute.c
+++ b/execute.c
@@ -1452,6 +1452,9 @@ static int ih_srand(IH_HANDLER_PARAMS)
        long seed;
        if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE || SUHOSIN_G(srand_ignore)) {
+        if (SUHOSIN_G(srand_ignore)) {
+                SUHOSIN_G(r_is_seeded) = 0;
+        }
        return (1);
    }
@@ -1469,6 +1472,9 @@ static int ih_mt_srand(IH_HANDLER_PARAMS)
        long seed;
        if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE || SUHOSIN_G(mt_srand_ignore)) {
+        if (SUHOSIN_G(mt_srand_ignore)) {
+                SUHOSIN_G(mt_is_seeded) = 0;
+        }
        return (1);
    }
    
diff --git a/suhosin.ini b/suhosin.ini
index 3d3e89b..ce8e8e9 100644
--- a/suhosin.ini
+++ b/suhosin.ini
@@ -191,6 +191,25 @@ suhosin.mail.protect = 1
 ;suhosin.memory_limit = 0
 ; -----------------------------------------------------------------------------
+; Randomness Options
+; Flag that controls if calls to srand() are ignored in favour of suhosin's 
+; own enhanced seeding - since 0.9.36 calls will trigger auto-reseeding
+;suhosin.srand.ignore = On
+; Flag that controls if calls to mt_srand() are ignored in favour of suhosin's 
+; own enhanced seeding - since 0.9.36 calls will trigger auto-reseeding
+;suhosin.mt_srand.ignore = On
+; Server configuration can add a string into the entropy generation to further
+; improve the entropy used for reseeding rand()/mt_rand()
+;suhosin.rand.seedingkey = 
+; Controls if automatic reseeding of rand() / mt_rand() is done for every
+; new request. Will improve security but decrease performance.
+; suhosin.rand.reseed_every_request = Off
+; -----------------------------------------------------------------------------
 ; Transparent Encryption Options
 ; Flag that decides if the transparent session encryption is activated or not.

diff --git a/Changelog b/Changelog index 50759a8..c212737 100644 --- a/Changelog +++ b/Changelog
@@ -8,6 +8,7 @@
8	- Added php_win32_get_random_bytes for windows compatibility in random seeding	8	- Added php_win32_get_random_bytes for windows compatibility in random seeding
9	- Added suhosin.rand.seedingkey for INI supplied additional entropy string (idea DavisNT)	9	- Added suhosin.rand.seedingkey for INI supplied additional entropy string (idea DavisNT)
10	- Added suhosin.rand.reseed_every_request to allow reseeding on every request (idea DavisNT)	10	- Added suhosin.rand.reseed_every_request to allow reseeding on every request (idea DavisNT)
		11	- Changed that calls to srand() / mt_srand() will trigger auto reseeding (idea DavisNT)
11	- Added LICENSE file to make distributions happy	12	- Added LICENSE file to make distributions happy
12		13
13	2014-02-24 - 0.9.35	14	2014-02-24 - 0.9.35


diff --git a/execute.c b/execute.c index 103a8bf..1f7cf15 100644 --- a/execute.c +++ b/execute.c
@@ -1452,6 +1452,9 @@ static int ih_srand(IH_HANDLER_PARAMS)
1452	long seed;	1452	long seed;
1453		1453
1454	if (zend_parse_parameters(argc TSRMLS_CC, "\|l", &seed) == FAILURE \|\| SUHOSIN_G(srand_ignore)) {	1454	if (zend_parse_parameters(argc TSRMLS_CC, "\|l", &seed) == FAILURE \|\| SUHOSIN_G(srand_ignore)) {
		1455	if (SUHOSIN_G(srand_ignore)) {
		1456	SUHOSIN_G(r_is_seeded) = 0;
		1457	}
1455	return (1);	1458	return (1);
1456	}	1459	}
1457		1460
@@ -1469,6 +1472,9 @@ static int ih_mt_srand(IH_HANDLER_PARAMS)
1469	long seed;	1472	long seed;
1470		1473
1471	if (zend_parse_parameters(argc TSRMLS_CC, "\|l", &seed) == FAILURE \|\| SUHOSIN_G(mt_srand_ignore)) {	1474	if (zend_parse_parameters(argc TSRMLS_CC, "\|l", &seed) == FAILURE \|\| SUHOSIN_G(mt_srand_ignore)) {
		1475	if (SUHOSIN_G(mt_srand_ignore)) {
		1476	SUHOSIN_G(mt_is_seeded) = 0;
		1477	}
1472	return (1);	1478	return (1);
1473	}	1479	}
1474		1480


diff --git a/suhosin.ini b/suhosin.ini index 3d3e89b..ce8e8e9 100644 --- a/suhosin.ini +++ b/suhosin.ini
@@ -191,6 +191,25 @@ suhosin.mail.protect = 1
191	;suhosin.memory_limit = 0	191	;suhosin.memory_limit = 0
192		192
193	; -----------------------------------------------------------------------------	193	; -----------------------------------------------------------------------------
		194	; Randomness Options
		195
		196	; Flag that controls if calls to srand() are ignored in favour of suhosin's
		197	; own enhanced seeding - since 0.9.36 calls will trigger auto-reseeding
		198	;suhosin.srand.ignore = On
		199
		200	; Flag that controls if calls to mt_srand() are ignored in favour of suhosin's
		201	; own enhanced seeding - since 0.9.36 calls will trigger auto-reseeding
		202	;suhosin.mt_srand.ignore = On
		203
		204	; Server configuration can add a string into the entropy generation to further
		205	; improve the entropy used for reseeding rand()/mt_rand()
		206	;suhosin.rand.seedingkey =
		207
		208	; Controls if automatic reseeding of rand() / mt_rand() is done for every
		209	; new request. Will improve security but decrease performance.
		210	; suhosin.rand.reseed_every_request = Off
		211
		212	; -----------------------------------------------------------------------------
194	; Transparent Encryption Options	213	; Transparent Encryption Options
195		214
196	; Flag that decides if the transparent session encryption is activated or not.	215	; Flag that decides if the transparent session encryption is activated or not.