random: Do not hardcode the target type when invoking the CSPRNG (#13308)

TimWolla · web-flow · commit 7ed21e66fa7e · 2024-02-02T20:10:19.000+01:00
Instead derive the number of bytes to retrieve from the variable that is being
filled.
diff --git a/ext/random/engine_mt19937.c b/ext/random/engine_mt19937.c
@@ -240,7 +240,7 @@ PHPAPI void php_random_mt19937_seed_default(php_random_status_state_mt19937 *sta
 {
 	zend_long seed = 0;
 
-	if (php_random_bytes_silent(&seed, sizeof(zend_long)) == FAILURE) {
+	if (php_random_bytes_silent(&seed, sizeof(seed)) == FAILURE) {
 		seed = GENERATE_SEED();
 	}
 
@@ -277,7 +277,7 @@ PHP_METHOD(Random_Engine_Mt19937, __construct)
 
 	if (seed_is_null) {
 		/* MT19937 has a very large state, uses CSPRNG for seeding only */
-		if (php_random_bytes_throw(&seed, sizeof(zend_long)) == FAILURE) {
+		if (php_random_bytes_throw(&seed, sizeof(seed)) == FAILURE) {
 			zend_throw_exception(random_ce_Random_RandomException, "Failed to generate a random seed", 0);
 			RETURN_THROWS();
 		}
diff --git a/ext/random/engine_secure.c b/ext/random/engine_secure.c
@@ -29,7 +29,7 @@ static php_random_result generate(php_random_status *status)
 {
 	zend_ulong r = 0;
 
-	php_random_bytes_throw(&r, sizeof(zend_ulong));
+	php_random_bytes_throw(&r, sizeof(r));
 
 	return (php_random_result){
 		.size = sizeof(zend_ulong),

Original file line number	Diff line number	Diff line change
`@@ -240,7 +240,7 @@ PHPAPI void php_random_mt19937_seed_default(php_random_status_state_mt19937 *sta`
`240`	`240`	`{`
`241`	`241`	`zend_long seed = 0;`
`242`	`242`
`243`		`- if (php_random_bytes_silent(&seed, sizeof(zend_long)) == FAILURE) {`
	`243`	`+ if (php_random_bytes_silent(&seed, sizeof(seed)) == FAILURE) {`
`244`	`244`	`seed = GENERATE_SEED();`
`245`	`245`	`}`
`246`	`246`
`@@ -277,7 +277,7 @@ PHP_METHOD(Random_Engine_Mt19937, __construct)`
`277`	`277`
`278`	`278`	`if (seed_is_null) {`
`279`	`279`	`/* MT19937 has a very large state, uses CSPRNG for seeding only */`
`280`		`- if (php_random_bytes_throw(&seed, sizeof(zend_long)) == FAILURE) {`
	`280`	`+ if (php_random_bytes_throw(&seed, sizeof(seed)) == FAILURE) {`
`281`	`281`	`zend_throw_exception(random_ce_Random_RandomException, "Failed to generate a random seed", 0);`
`282`	`282`	`RETURN_THROWS();`
`283`	`283`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ static php_random_result generate(php_random_status *status)`
`29`	`29`	`{`
`30`	`30`	`zend_ulong r = 0;`
`31`	`31`
`32`		`- php_random_bytes_throw(&r, sizeof(zend_ulong));`
	`32`	`+ php_random_bytes_throw(&r, sizeof(r));`
`33`	`33`
`34`	`34`	`return (php_random_result){`
`35`	`35`	`.size = sizeof(zend_ulong),`