From 7d69d6801392232abec655163c2a2af2bb626410 Mon Sep 17 00:00:00 2001
From: Stefan
Date: Sun, 28 Mar 2010 19:55:45 +0200
Subject: Increase session identifier entropy by using /dev/urandom if available
---
 session.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'session.c')
diff --git a/session.c b/session.c
index 6b26b11..2e5b092 100644
--- a/session.c
+++ b/session.c
@@ -34,6 +34,8 @@
 #include "ext/standard/php_var.h"
 #include "sha256.h"
+#include
+
 #if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
 # include "ext/hash/php_hash.h"
 #endif
@@ -864,6 +866,18 @@ void suhosin_hook_session(TSRMLS_D)
 serializer->encode = suhosin_session_encode;
 }
 #endif
+
+ /* increase session identifier entropy */
+ if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) {
+
+ /* ensure that /dev/urandom exists */
+ int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
+ if (fd >= 0) {
+ close(fd);
+ SESSION_G(entropy_length) = 16;
+ SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);
+ }
+ }
 }
 void suhosin_unhook_session(TSRMLS_D)
--
cgit v1.3
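Review bot: The guard added to suhosin_hook_session treats only `SESSION_G(entropy_file) == NULL` as "no entropy file", so a configuration with a non-zero entropy_length and an entropy_file that is set but empty would skip the /dev/urandom fallback; if the INI layer can hand back an empty string here, extend the test with `|| SESSION_G(entropy_file)[0] == '\0'` after the NULL check. The `pestrdup("/dev/urandom", 1)` result also overwrites the existing pointer with a persistent allocation that nothing in the hunk frees, so if this hook can run more than once per process each run would leak a copy; a comment such as `/* persistent copy, never freed; assumes the hook runs once per process */` would record that assumption. The function starts outside the hunk, so any earlier handling of these two globals is not visible here.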