From 7c241620c0b9fc15212485234504334e25d533f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 15 Nov 2018 21:17:59 +0100 Subject: [PATCH] replace random_bytes --- .../lib/classes/Swift/Mime/IdGenerator.php | 2 +- .../classes/Swift/Mime/SimpleMimeEntity.php | 6 +++--- .../Transport/Esmtp/Auth/NTLMAuthenticator.php | 18 +++++++++++++++++- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/htdocs/includes/swiftmailer/lib/classes/Swift/Mime/IdGenerator.php b/htdocs/includes/swiftmailer/lib/classes/Swift/Mime/IdGenerator.php index 6e98ee8975d..8d9452bd0f0 100644 --- a/htdocs/includes/swiftmailer/lib/classes/Swift/Mime/IdGenerator.php +++ b/htdocs/includes/swiftmailer/lib/classes/Swift/Mime/IdGenerator.php @@ -46,7 +46,7 @@ class Swift_Mime_IdGenerator implements Swift_IdGenerator */ public function generateId() { - $idLeft = bin2hex(random_bytes(16)); // set 32 hex values + $idLeft = md5(getmypid().'.'.time().'.'.uniqid(mt_rand(), true)); return $idLeft.'@'.$this->idRight; } diff --git a/htdocs/includes/swiftmailer/lib/classes/Swift/Mime/SimpleMimeEntity.php b/htdocs/includes/swiftmailer/lib/classes/Swift/Mime/SimpleMimeEntity.php index a434729f613..980f1cedc1c 100644 --- a/htdocs/includes/swiftmailer/lib/classes/Swift/Mime/SimpleMimeEntity.php +++ b/htdocs/includes/swiftmailer/lib/classes/Swift/Mime/SimpleMimeEntity.php @@ -92,7 +92,7 @@ class Swift_Mime_SimpleMimeEntity implements Swift_Mime_CharsetObserver, Swift_M */ public function __construct(Swift_Mime_SimpleHeaderSet $headers, Swift_Mime_ContentEncoder $encoder, Swift_KeyCache $cache, Swift_IdGenerator $idGenerator) { - $this->cacheKey = bin2hex(random_bytes(16)); // set 32 hex values + $this->cacheKey = md5(getmypid().'.'.time().'.'.uniqid(mt_rand(), true)); $this->cache = $cache; $this->headers = $headers; $this->idGenerator = $idGenerator; @@ -420,7 +420,7 @@ class Swift_Mime_SimpleMimeEntity implements Swift_Mime_CharsetObserver, Swift_M public function getBoundary() { if (!isset($this->boundary)) { - $this->boundary = '_=_swift_'.time().'_'.bin2hex(random_bytes(16)).'_=_'; + $this->boundary = '_=_swift_'.time().'_'.md5(getmypid().'.'.time().'.'.uniqid(mt_rand(), true)).'_=_'; } return $this->boundary; @@ -813,7 +813,7 @@ class Swift_Mime_SimpleMimeEntity implements Swift_Mime_CharsetObserver, Swift_M { $this->headers = clone $this->headers; $this->encoder = clone $this->encoder; - $this->cacheKey = bin2hex(random_bytes(16)); // set 32 hex values + $this->cacheKey = md5(getmypid().'.'.time().'.'.uniqid(mt_rand(), true)); $children = array(); foreach ($this->children as $pos => $child) { $children[$pos] = clone $child; diff --git a/htdocs/includes/swiftmailer/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php b/htdocs/includes/swiftmailer/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php index fa5d2110041..b640c1c1d1d 100644 --- a/htdocs/includes/swiftmailer/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php +++ b/htdocs/includes/swiftmailer/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php @@ -58,7 +58,7 @@ class Swift_Transport_Esmtp_Auth_NTLMAuthenticator implements Swift_Transport_Es // extra parameters for our unit cases $timestamp = func_num_args() > 3 ? func_get_arg(3) : $this->getCorrectTimestamp(bcmul(microtime(true), '1000')); - $client = func_num_args() > 4 ? func_get_arg(4) : random_bytes(8); + $client = func_num_args() > 4 ? func_get_arg(4) : $this->getRandomBytes(8); // Message 3 response $this->sendMessage3($response, $username, $password, $timestamp, $client, $agent); @@ -548,6 +548,22 @@ class Swift_Transport_Esmtp_Auth_NTLMAuthenticator implements Swift_Transport_Es return $byte; } + /** + * Create random bytes. + * + * @param $length + * + * @return string + */ + protected function getRandomBytes($length) : string + { + $bytes = openssl_random_pseudo_bytes($length, $strong); + if (false !== $bytes && true === $strong) { + return $bytes; + } + throw new RuntimeException('OpenSSL did not produce a secure random number.'); + } + /** ENCRYPTION ALGORITHMS */ /**