1 files changed, 14 insertions, 0 deletions
diff --git a/session.c b/session.c
index 6b26b11..2e5b092 100644
--- a/session.c
+++ b/session.c
@@ -34,6 +34,8 @@
 #include "ext/standard/php_var.h"
 #include "sha256.h"
+#include <fcntl.h>
 #if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
 # include "ext/hash/php_hash.h"
 #endif
@@ -864,6 +866,18 @@ void suhosin_hook_session(TSRMLS_D)
                serializer->encode = suhosin_session_encode;
        }
 #endif
+        /* increase session identifier entropy */
+        if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) {
+                
+                /* ensure that /dev/urandom exists */
+                int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
+                if (fd >= 0) {
+                        close(fd);
+                        SESSION_G(entropy_length) = 16;
+                        SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);
+                }
+        }
 }
 void suhosin_unhook_session(TSRMLS_D)

diff --git a/session.c b/session.c index 6b26b11..2e5b092 100644 --- a/session.c +++ b/session.c
@@ -34,6 +34,8 @@
34	#include "ext/standard/php_var.h"	34	#include "ext/standard/php_var.h"
35	#include "sha256.h"	35	#include "sha256.h"
36		36
		37	#include <fcntl.h>
		38
37	#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)	39	#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
38	# include "ext/hash/php_hash.h"	40	# include "ext/hash/php_hash.h"
39	#endif	41	#endif
@@ -864,6 +866,18 @@ void suhosin_hook_session(TSRMLS_D)
864	serializer->encode = suhosin_session_encode;	866	serializer->encode = suhosin_session_encode;
865	}	867	}
866	#endif	868	#endif
		869
		870	/* increase session identifier entropy */
		871	if (SESSION_G(entropy_length) == 0 \|\| SESSION_G(entropy_file) == NULL) {
		872
		873	/* ensure that /dev/urandom exists */
		874	int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
		875	if (fd >= 0) {
		876	close(fd);
		877	SESSION_G(entropy_length) = 16;
		878	SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);
		879	}
		880	}
867	}	881	}
868		882
869	void suhosin_unhook_session(TSRMLS_D)	883	void suhosin_unhook_session(TSRMLS_D)