10 files changed, 215 insertions, 80 deletions

diff --git a/config.m4 b/config.m4
index 0e40aa2..2860b8d 100644
--- a/config.m4
+++ b/config.m4
@@ -5,7 +5,7 @@ PHP_ARG_ENABLE(suhosin7, whether to enable suhosin support,
 [  --enable-suhosin7        Enable suhosin support])
 
 if test "$PHP_SUHOSIN7" != "no"; then
-        PHP_NEW_EXTENSION(suhosin7, suhosin7.c ifilter.c memory_limit.c aes.c treat_data.c log.c execute.c execute_ih.c crypt.c cookiecrypt.c header.c, $ext_shared,, [-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1])
+        PHP_NEW_EXTENSION(suhosin7, suhosin7.c ifilter.c memory_limit.c aes.c treat_data.c log.c execute.c execute_ih.c execute_rnd.c crypt.c cookiecrypt.c header.c, $ext_shared,, [-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1])
         PHP_ADD_EXTENSION_DEP(suhosin7, hash)
         echo "===== WARNING ============================================"
         echo "  Suhosin7 for PHP 7 is in alpha stage at the moment and"
diff --git a/execute.c b/execute.c
index ea9b21a..65dec2e 100644
--- a/execute.c
+++ b/execute.c
@@ -23,7 +23,6 @@
 #include "config.h"
 #endif
 
-// #include <fcntl.h>
 #include "php.h"
 // #include "php_ini.h"
 // #include "zend_hash.h"
@@ -37,7 +36,6 @@
 #include "SAPI.h"
 #include "execute.h"
 
-// #include "sha256.h"
 
 // #ifdef PHP_WIN32
 // # include "win32/fnmatch.h"
@@ -555,6 +553,13 @@ static suhosin_internal_function_handler ihandlers[] = {
         // { "mail", ih_mail, NULL, NULL, NULL },
         // { "symlink", ih_symlink, NULL, NULL, NULL },
         
+        // random number functions
+        S7_IH_ENTRY0i(srand)
+        S7_IH_ENTRY0i(mt_srand)
+        S7_IH_ENTRY0i(rand)
+        S7_IH_ENTRY0i(mt_rand)
+        S7_IH_ENTRY0i(getrandmax)
+        S7_IH_ENTRY0("mt_getrandmax", getrandmax)
         // { "srand", ih_srand, NULL, NULL, NULL },
         // { "mt_srand", ih_mt_srand, NULL, NULL, NULL },
         // { "rand", ih_rand, NULL, NULL, NULL },
diff --git a/execute.h b/execute.h
index 03d19d3..e4eca98 100644
--- a/execute.h
+++ b/execute.h
@@ -18,4 +18,12 @@ typedef struct _suhosin_internal_function_handler {
         void *arg3;
 } suhosin_internal_function_handler;
 
+// execute_ih.c
 S7_IH_FUNCTION(preg_replace);
+
+// execute_rnd.c
+S7_IH_FUNCTION(srand);
+S7_IH_FUNCTION(mt_srand);
+S7_IH_FUNCTION(mt_rand);
+S7_IH_FUNCTION(rand);
+S7_IH_FUNCTION(getrandmax);
diff --git a/execute_rnd.c b/execute_rnd.c
index 9647b63..e2f6016 100644
--- a/execute_rnd.c
+++ b/execute_rnd.c
@@ -1,5 +1,26 @@
+/*
+  +----------------------------------------------------------------------+
+  | Suhosin Version 1                                                    |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 2006-2007 The Hardened-PHP Project                     |
+  | Copyright (c) 2007-2016 SektionEins GmbH                             |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Authors: Stefan Esser <sesser@sektioneins.de>                        |
+  |          Ben Fuhrmannek <ben.fuhrmannek@sektioneins.de>              |
+  +----------------------------------------------------------------------+
+*/
+
 /* MT RAND FUNCTIONS */
 
+
 /*
         The following php_mt_...() functions are based on a C++ class MTRand by
         Richard J. Wagner. For more information see the web page at
@@ -55,12 +76,27 @@
         The original code included the following notice:
 
         When you use this, send an email to: matumoto@math.keio.ac.jp
-    with an appropriate reference to your work.
+        with an appropriate reference to your work.
 
         It would be nice to CC: rjwagner@writeme.com and Cokus@math.washington.edu
         when you write.
 */
 
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "php.h"
+#include "php_suhosin7.h"
+#include "ext/hash/php_hash.h"
+#include "ext/hash/php_hash_sha.h"
+#include "ext/standard/php_lcg.h"
+#include "ext/standard/php_rand.h"
+#include "execute.h"
+
+#include <fcntl.h>
+
+
 #define N             624                 /* length of state vector */
 #define M             (397)                /* a period parameter */
 #define hiBit(u)      ((u) & 0x80000000U)  /* mask all but highest   bit of u */
@@ -93,21 +129,21 @@ static inline void suhosin_mt_initialize(php_uint32 seed, php_uint32 *state)
 
 static inline void suhosin_mt_init_by_array(php_uint32 *key, int keylen, php_uint32 *state)
 {
-    int i, j, k;
-    suhosin_mt_initialize(19650218U, state);
-    i = 1; j = 0;
-    k = (N > keylen ? N : keylen);
-    for (; k; k--) {
-        state[i] = (state[i] ^ ((state[i-1] ^ (state[i-1] >> 30)) * 1664525U)) + key[j] + j;
-        i++; j = (j+1) % keylen;
-        if (i >= N) { state[0] = state[N-1]; i=1; }
-    }
-    for (k=N-1; k; k--) {
-        state[i] = (state[i] ^ ((state[i-1] ^ (state[i-1] >> 30)) * 1566083941U)) - i;
-        i++;
-        if (i >= N) { state[0] = state[N-1]; i=1; }
-    }
-    state[0] = 0x80000000U;
+        int i, j, k;
+        suhosin_mt_initialize(19650218U, state);
+        i = 1; j = 0;
+        k = (N > keylen ? N : keylen);
+        for (; k; k--) {
+                state[i] = (state[i] ^ ((state[i-1] ^ (state[i-1] >> 30)) * 1664525U)) + key[j] + j;
+                i++; j = (j+1) % keylen;
+                if (i >= N) { state[0] = state[N-1]; i=1; }
+        }
+        for (k=N-1; k; k--) {
+                state[i] = (state[i] ^ ((state[i-1] ^ (state[i-1] >> 30)) * 1566083941U)) - i;
+                i++;
+                if (i >= N) { state[0] = state[N-1]; i=1; }
+        }
+        state[0] = 0x80000000U;
 }
 /* }}} */
 
@@ -171,48 +207,54 @@ static php_uint32 suhosin_mt_rand()
  */
 static void SUHOSIN7_Gen_entropy(php_uint32 *entropybuf)
 {
-    php_uint32 seedbuf[20];
-    /* On a modern OS code, stack and heap base are randomized */
-    unsigned long code_value  = (unsigned long)SUHOSIN7_Gen_entropy;
-    unsigned long stack_value = (unsigned long)&code_value;
-    unsigned long heap_value  = (unsigned long)SUHOSIN7_G(r_state);
-    suhosin_SHA256_CTX   context;
-    int fd;
-    
-    code_value ^= code_value >> 32;
-    stack_value ^= stack_value >> 32;
-    heap_value ^= heap_value >> 32;
-    
-    seedbuf[0] = code_value;
-    seedbuf[1] = stack_value;
-    seedbuf[2] = heap_value;
-    seedbuf[3] = time(0);
+        php_uint32 seedbuf[20];
+        /* On a modern OS code, stack and heap base are randomized */
+        unsigned long code_value  = (unsigned long)SUHOSIN7_Gen_entropy;
+        unsigned long stack_value = (unsigned long)&code_value;
+        unsigned long heap_value  = (unsigned long)SUHOSIN7_G(r_state);
+        PHP_SHA256_CTX   context;
+        int fd;
+
+        code_value ^= code_value >> 32;
+        stack_value ^= stack_value >> 32;
+        heap_value ^= heap_value >> 32;
+
+        seedbuf[0] = code_value;
+        seedbuf[1] = stack_value;
+        seedbuf[2] = heap_value;
+        seedbuf[3] = time(0);
 #ifdef PHP_WIN32
-    seedbuf[4] = GetCurrentProcessId();
+        seedbuf[4] = GetCurrentProcessId();
 #else
-    seedbuf[4] = getpid();
+        seedbuf[4] = getpid();
 #endif
-    seedbuf[5] = (php_uint32) 0x7fffffff * php_combined_lcg();
+        seedbuf[5] = (php_uint32) 0x7fffffff * php_combined_lcg();
 
 #ifndef PHP_WIN32
-    fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
-    if (fd >= 0) {
-        /* ignore error case - if urandom doesn't give us any/enough random bytes */
-        read(fd, &seedbuf[6], 8 * sizeof(php_uint32));
-        close(fd);
-    }
+# if HAVE_DEV_URANDOM
+#  ifdef VIRTUAL_DIR
+        fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
+#  else
+        fd = open("/dev/urandom", O_RDONLY);
+#  endif
+        if (fd >= 0) {
+                /* ignore error case - if urandom doesn't give us any/enough random bytes */
+                read(fd, &seedbuf[6], 8 * sizeof(php_uint32));
+                close(fd);
+        }
+# endif
 #else
-    /* we have to live with the possibility that this call fails */
-    php_win32_get_random_bytes((unsigned char*)&seedbuf[6], 8 * sizeof(php_uint32));
+        /* we have to live with the possibility that this call fails */
+        php_win32_get_random_bytes((unsigned char*)&seedbuf[6], 8 * sizeof(php_uint32));
 #endif
 
-    suhosin_SHA256Init(&context);
-    /* to our friends from Debian: yes this will add unitialized stack values to the entropy DO NOT REMOVE */
-    suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(seedbuf));
-    if (SUHOSIN7_G(seedingkey) != NULL && *SUHOSIN7_G(seedingkey) != 0) {
-        suhosin_SHA256Update(&context, (unsigned char*)SUHOSIN7_G(seedingkey), strlen(SUHOSIN7_G(seedingkey)));
-    }
-    suhosin_SHA256Final((void *)entropybuf, &context);
+        PHP_SHA256Init(&context);
+        /* to our friends from Debian: yes this will add unitialized stack values to the entropy DO NOT REMOVE */
+        PHP_SHA256Update(&context, (void *) seedbuf, sizeof(seedbuf));
+        if (SUHOSIN7_G(seedingkey) != NULL && *SUHOSIN7_G(seedingkey) != 0) {
+                PHP_SHA256Update(&context, (unsigned char*)SUHOSIN7_G(seedingkey), strlen(SUHOSIN7_G(seedingkey)));
+        }
+        PHP_SHA256Final((void *)entropybuf, &context);
 }
 /* }}} */
 
@@ -283,7 +325,7 @@ static php_uint32 suhosin_rand()
 }
 /* }}} */
 
-static int ih_srand(IH_HANDLER_PARAMS)
+S7_IH_FUNCTION(srand)
 {
         int argc = ZEND_NUM_ARGS();
         long seed;
@@ -305,7 +347,7 @@ static int ih_srand(IH_HANDLER_PARAMS)
         return (1);
 }
 
-static int ih_mt_srand(IH_HANDLER_PARAMS)
+S7_IH_FUNCTION(mt_srand)
 {
         int argc = ZEND_NUM_ARGS();
         long seed;
@@ -327,7 +369,7 @@ static int ih_mt_srand(IH_HANDLER_PARAMS)
         return 1;
 }
 
-static int ih_mt_rand(IH_HANDLER_PARAMS)
+S7_IH_FUNCTION(mt_rand)
 {
         int argc = ZEND_NUM_ARGS();
         long min;
@@ -351,7 +393,7 @@ static int ih_mt_rand(IH_HANDLER_PARAMS)
         return (1);
 }
 
-static int ih_rand(IH_HANDLER_PARAMS)
+S7_IH_FUNCTION(rand)
 {
         int argc = ZEND_NUM_ARGS();
         long min;
@@ -375,7 +417,7 @@ static int ih_rand(IH_HANDLER_PARAMS)
         return (1);
 }
 
-static int ih_getrandmax(IH_HANDLER_PARAMS)
+S7_IH_FUNCTION(getrandmax)
 {
         if (zend_parse_parameters_none() == FAILURE) {
                 return(0);
diff --git a/php_suhosin7.h b/php_suhosin7.h
index 1e674ad..7a57fe1 100644
--- a/php_suhosin7.h
+++ b/php_suhosin7.h
@@ -67,7 +67,7 @@ extern zend_module_entry suhosin7_module_entry;
 // PHP_RSHUTDOWN_FUNCTION(suhosin);
 // PHP_MINFO_FUNCTION(suhosin);
 
-// #include "ext/standard/basic_functions.h"
+#include "ext/standard/basic_functions.h"
 
 static inline int suhosin_is_protected_varname(char *var, int var_len)
 {
@@ -252,20 +252,20 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin7)
         zend_bool       disable_display_errors;
 
         /* random number generator */
-        // php_uint32   r_state[625];
-        // php_uint32   *r_next;
-        // int          r_left;
-        // zend_bool    srand_ignore;
-        // zend_bool    mt_srand_ignore;
-        // php_uint32   mt_state[625];
-        // php_uint32   *mt_next;
-        // int          mt_left;
-        // 
-        // char         *seedingkey;
-        // zend_bool    reseed_every_request;
+        php_uint32   r_state[625];
+        php_uint32   *r_next;
+        int          r_left;
+        zend_bool    srand_ignore;
+        zend_bool    mt_srand_ignore;
+        php_uint32   mt_state[625];
+        php_uint32   *mt_next;
+        int          mt_left;
+        
+        char         *seedingkey;
+        zend_bool    reseed_every_request;
         // 
-        // zend_bool r_is_seeded; 
-        // zend_bool mt_is_seeded;
+        zend_bool r_is_seeded; 
+        zend_bool mt_is_seeded;
 
 
 /*      memory_limit */
diff --git a/suhosin7.c b/suhosin7.c
index 1537130..a282cda 100644
--- a/suhosin7.c
+++ b/suhosin7.c
@@ -407,10 +407,10 @@ PHP_INI_BEGIN()
         STD_S7_INI_BOOLEAN("suhosin.server.encode", "1", PHP_INI_SYSTEM, OnUpdateBool, server_encode)
         STD_S7_INI_BOOLEAN("suhosin.server.strip", "1", PHP_INI_SYSTEM, OnUpdateBool, server_strip)
         // 
-        // STD_S7_INI_ENTRY("suhosin.rand.seedingkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, seedingkey)
-        // STD_S7_INI_BOOLEAN("suhosin.rand.reseed_every_request", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscBool, reseed_every_request)
-        // STD_S7_INI_BOOLEAN("suhosin.srand.ignore", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscBool, srand_ignore)
-        // STD_S7_INI_BOOLEAN("suhosin.mt_srand.ignore", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscBool, mt_srand_ignore)
+        STD_S7_INI_ENTRY("suhosin.rand.seedingkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, seedingkey)
+        STD_S7_INI_BOOLEAN("suhosin.rand.reseed_every_request", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscBool, reseed_every_request)
+        STD_S7_INI_BOOLEAN("suhosin.srand.ignore", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscBool, srand_ignore)
+        STD_S7_INI_BOOLEAN("suhosin.mt_srand.ignore", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscBool, mt_srand_ignore)
 
 
 PHP_INI_END()
@@ -576,10 +576,10 @@ PHP_RSHUTDOWN_FUNCTION(suhosin7)
 
         SUHOSIN7_G(abort_request) = 0;
 
-        // if (SUHOSIN7_G(reseed_every_request)) {
-        //      SUHOSIN7_G(r_is_seeded) = 0;
-        //      SUHOSIN7_G(mt_is_seeded) = 0;
-        // }
+        if (SUHOSIN7_G(reseed_every_request)) {
+                SUHOSIN7_G(r_is_seeded) = 0;
+                SUHOSIN7_G(mt_is_seeded) = 0;
+        }
 
         if (SUHOSIN7_G(decrypted_cookie)) {
                 efree(SUHOSIN7_G(decrypted_cookie));
diff --git a/tests/misc/mt_srand_ignore_off.phpt b/tests/misc/mt_srand_ignore_off.phpt
new file mode 100644
index 0000000..bc7f322
--- /dev/null
+++ b/tests/misc/mt_srand_ignore_off.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Testing: suhosin.mt_srand.ignore=0
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.log.sapi=255
+suhosin.log.stdout=0
+suhosin.log.script=0
+suhosin.log.syslog=0
+suhosin.mt_srand.ignore=0
+--FILE--
+<?php
+        mt_srand(1);
+        $var1 = mt_rand();
+        mt_srand(1);
+        $var2 = mt_rand();
+        var_dump($var1 == $var2);
+?>
+--EXPECTF--
+bool(true)
diff --git a/tests/misc/mt_srand_ignore_on.phpt b/tests/misc/mt_srand_ignore_on.phpt
new file mode 100644
index 0000000..8d276f7
--- /dev/null
+++ b/tests/misc/mt_srand_ignore_on.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Testing: suhosin.mt_srand.ignore=1
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.log.sapi=255
+suhosin.log.stdout=0
+suhosin.log.script=0
+suhosin.log.syslog=0
+suhosin.mt_srand.ignore=1
+--FILE--
+<?php
+        mt_srand(1);
+        $var1 = mt_rand();
+        mt_srand(1);
+        $var2 = mt_rand();
+        var_dump($var1 != $var2);
+?>
+--EXPECTF--
+bool(true)
diff --git a/tests/misc/srand_ignore_off.phpt b/tests/misc/srand_ignore_off.phpt
new file mode 100644
index 0000000..2f6f385
--- /dev/null
+++ b/tests/misc/srand_ignore_off.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Testing: suhosin.srand.ignore=0
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.log.sapi=255
+suhosin.log.stdout=0
+suhosin.log.script=0
+suhosin.log.syslog=0
+suhosin.srand.ignore=0
+--FILE--
+<?php
+        srand(1);
+        $var1 = rand();
+        srand(1);
+        $var2 = rand();
+        var_dump($var1 == $var2);
+?>
+--EXPECTF--
+bool(true)
diff --git a/tests/misc/srand_ignore_on.phpt b/tests/misc/srand_ignore_on.phpt
new file mode 100644
index 0000000..9f526b5
--- /dev/null
+++ b/tests/misc/srand_ignore_on.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Testing: suhosin.srand.ignore=1
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.log.sapi=255
+suhosin.log.stdout=0
+suhosin.log.script=0
+suhosin.log.syslog=0
+suhosin.srand.ignore=1
+--FILE--
+<?php
+        srand(1);
+        $var1 = rand();
+        srand(1);
+        $var2 = rand();
+        var_dump($var1 != $var2);
+?>
+--EXPECTF--
+bool(true)