From 42c7fb5c39dc54fba24ea2e1fb511d514c4e4d9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Tue, 3 Jul 2018 13:17:11 +0200
Subject: [PATCH] Merge branch
 '5843-security-insecure-generation-of-random-tokens' into '1.3-dev'

Resolve "Security: Insecure Generation of Random Tokens"

See merge request fusiondirectory/fd!325

(cherry picked from commit 2faf258bc10edeb8cbde7bc42b8b54eb6fee6a58)

9af5ac62 :ambulance: fix(core) Give using unpack for bytes conversion
---
 include/functions.inc | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/include/functions.inc b/include/functions.inc
index 3b8cf034a..71e0d8dcd 100644
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -2651,22 +2651,25 @@ if (!function_exists('random_int')) {
       throw new Exception('Invalid range passed to random_int');
     }
 
-    $log    = log($range, 2);
+    $log      = log($range, 2);
     // length in bytes
     $nbBytes  = (int) ($log / 8) + 1;
     // length in bits
     $nbBits   = (int) $log + 1;
     // set all lower bits to 1
-    $filter = (int) (1 << $nbBits) - 1;
+    $filter   = pow(2, $nbBits) - 1;
+    if ($filter >= PHP_INT_MAX) {
+      $filter = PHP_INT_MAX;
+    }
     do {
       $randomBytes = openssl_random_pseudo_bytes($nbBytes, $strong);
       if (!$strong || ($randomBytes === FALSE)) {
         throw new Exception('Failed to get random bytes');
       }
-      $rnd = unpack('L', $randomBytes)[1];
+      $rnd = hexdec(bin2hex($randomBytes));
       // discard irrelevant bits
       $rnd = $rnd & $filter;
-    } while ($rnd >= $range);
+    } while ($rnd > $range);
     return $min + $rnd;
   }
 }
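Review bot: `hexdec(bin2hex($randomBytes))` returns a float once the value exceeds PHP_INT_MAX, which can happen whenever `$nbBytes` reaches PHP_INT_SIZE and the top bit of the first byte is set. The following `$rnd & $filter` then relies on an out-of-range float-to-int conversion, which the PHP manual leaves undefined for the PHP 5 versions this polyfill targets, and on 64-bit builds the float has already rounded away the low bits, so the output is biased for very large ranges. Capping `$filter` at PHP_INT_MAX does not help because the precision is lost before the mask is applied. Clearing the unused top bit first keeps the value an integer: `if ($nbBytes >= PHP_INT_SIZE) { $randomBytes[0] = chr(ord($randomBytes[0]) & 0x7F); }` just before the `hexdec` line, with `$nbBytes` also capped at PHP_INT_SIZE if `$range` can get that large. The function starts above the hunk, so the switch to `$rnd > $range` is only correct if `$range` is `$max - $min`, which should be confirmed there.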
-- 
GitLab