From a54d40f2a2fae9305036220fdbcd8424d5bd588a Mon Sep 17 00:00:00 2001 From: Peter Linss Date: Wed, 20 Nov 2019 09:20:40 -0800 Subject: [PATCH] improve error handling for salt generation --- rainloop/v/0.0.0/include.php | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/rainloop/v/0.0.0/include.php b/rainloop/v/0.0.0/include.php index 26600d423..9d7fdc2e9 100644 --- a/rainloop/v/0.0.0/include.php +++ b/rainloop/v/0.0.0/include.php @@ -124,17 +124,23 @@ unset($sCheckName, $sCheckFilePath, $sCheckFolder, $sTest); } - if (false === $sSalt) - { + if (false === $sSalt) { if (function_exists('random_bytes')) { // secure random salt - $sSalt = bin2hex(random_bytes(48)); + try + { + $sSalt = bin2hex(random_bytes(48)); + } + catch (\Exception $oException) + { + $sSalt = false; + } } - elseif (function_exists('openssl_random_pseudo_bytes')) + if ((false === $sSalt) && (function_exists('openssl_random_pseudo_bytes'))) { // not-quite as secure random salt $sSalt = bin2hex(openssl_random_pseudo_bytes(48)); } - else + if (false === $sSalt) { // pseudo-random salt $sSalt = md5(microtime(true).rand(1000, 5000)) .md5(microtime(true).rand(5000, 9999))