[packages/php-pecl-solr.git] / do-not-screw-with-random-seed.patch

DO NOT SCREW WITH RANDOM SEED

Do not initialize the seed with srand or mt_srand, it is already initialized
since PHP 4.2.0 (See the docs). And if you initialize it with time or microtime
you make it only more worse (predictable).

And initializing random seed with predictable value is extremely stupid.

I had situation that three machines simulatenously produced temporary directory
names based on random generator, and they all got same results, this is utterly
screwed up up the application!

Jul  6 10:37:26 segusilm php.fcgi: PHP Fatal error:  Uncaught exception 'Exception' with message 'Can't mkdir '/tmp/foo_UZNHCMUDWZ/archive': mkdir(): File exists' in /usr/share/foo/lib/plugins/Plugin.php:127
Jul  6 10:37:26 lordi php.fcgi: PHP Warning:  unlink(/tmp/foo_UZNHCMUDWZ/archive/title.inc): No such file or directory in /usr/share/foo/lib/helper/OutputHelper.php on line 68

it is strongly recommended for PHP application developers to keep their fingers
away from srand() or mt_srand() and to never ever use rand() or mt_rand() for
cryptographic secrets:
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

Bugreport: https://bugs.php.net/bug.php?id=62835
Source: http://cvs.pld-linux.org/packages/php-pecl-solr/do-not-screw-with-random-seed.patch
Signed-Off-By: Elan Ruusamäe <glen@pld-linux.org>
Tested-By: Elan Ruusamäe <glen@delfi.ee>
--- php-pecl-solr-1.0.2/php_solr.c~	2011-11-29 04:50:07.000000000 +0200
+++ php-pecl-solr-1.0.2/php_solr.c	2012-07-06 18:15:25.730180032 +0300
@@ -1082,9 +1082,6 @@
 	/* Always NULL. Kept for API backward compatibility purposes only */
 	hash_func_t pHashFunction    = NULL;
 
-	/* initialize random seed */
-	srand(time(NULL));
-
 	ALLOC_HASHTABLE(SOLR_GLOBAL(documents));
 	ALLOC_HASHTABLE(SOLR_GLOBAL(clients));
 	ALLOC_HASHTABLE(SOLR_GLOBAL(params));
Commit	Line	Data
d0d88926 ER	1	DO NOT SCREW WITH RANDOM SEED
	2
	3	Do not initialize the seed with srand or mt_srand, it is already initialized
	4	since PHP 4.2.0 (See the docs). And if you initialize it with time or microtime
	5	you make it only more worse (predictable).
	6
	7	And initializing random seed with predictable value is extremely stupid.
	8
	9	I had situation that three machines simulatenously produced temporary directory
	10	names based on random generator, and they all got same results, this is utterly
	11	screwed up up the application!
	12
	13	Jul 6 10:37:26 segusilm php.fcgi: PHP Fatal error: Uncaught exception 'Exception' with message 'Can't mkdir '/tmp/foo_UZNHCMUDWZ/archive': mkdir(): File exists' in /usr/share/foo/lib/plugins/Plugin.php:127
	14	Jul 6 10:37:26 lordi php.fcgi: PHP Warning: unlink(/tmp/foo_UZNHCMUDWZ/archive/title.inc): No such file or directory in /usr/share/foo/lib/helper/OutputHelper.php on line 68
	15
	16	it is strongly recommended for PHP application developers to keep their fingers
	17	away from srand() or mt_srand() and to never ever use rand() or mt_rand() for
	18	cryptographic secrets:
	19	http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
	20
679c5dc2 ER	21	Bugreport: https://bugs.php.net/bug.php?id=62835
	22	Source: http://cvs.pld-linux.org/packages/php-pecl-solr/do-not-screw-with-random-seed.patch
	23	Signed-Off-By: Elan Ruusamäe <glen@pld-linux.org>
	24	Tested-By: Elan Ruusamäe <glen@delfi.ee>
d0d88926 ER	25	--- php-pecl-solr-1.0.2/php_solr.c~ 2011-11-29 04:50:07.000000000 +0200
	26	+++ php-pecl-solr-1.0.2/php_solr.c 2012-07-06 18:15:25.730180032 +0300
	27	@@ -1082,9 +1082,6 @@
	28	/* Always NULL. Kept for API backward compatibility purposes only */
	29	hash_func_t pHashFunction = NULL;
	30
	31	- /* initialize random seed */
	32	- srand(time(NULL));
	33	-
	34	ALLOC_HASHTABLE(SOLR_GLOBAL(documents));
	35	ALLOC_HASHTABLE(SOLR_GLOBAL(clients));
	36	ALLOC_HASHTABLE(SOLR_GLOBAL(params));