Page MenuHomePhabricator
Create Task
Maniphest T104426

Blank Screen for MW 1.23/1.25 on FreeBSD 10.1 due to timeout of MWCryptRand.php mcrypt_create_iv
Closed, ResolvedPublic
Actions

Description

At least in my configuration:
mediawiki123-1.23.9_1 and mediawiki125-1.25.1 (both tested)
PHP version: mod_php55-5.5.26
FreeBSD 10.1 (10.1-RELEASE #0 r283010)
Running in a jail, the command in MWCryptRand.php

$iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );

Times out. if error reporting isn't enabled, a blank screen results.
Modifying that line (320 in 1.23 and 317 in 1.25) to

$iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM|MCRYPT_RAND );

solves the issue. This seems to be an issue with the availability of DEV file system per this note:
https://secure.php.net/manual/en/function.mcrypt-create-iv.php#117047

Event Timeline

Dgessel created this task.Jul 1 2015, 8:11 AM
Dgessel assigned this task to DanielFriesen.
Dgessel raised the priority of this task from to Needs Triage.
Dgessel updated the task description. (Show Details)
Dgessel added a project: Wikidata-Query-Service.
Dgessel subscribed.
Restricted Application added projects: Wikidata, Discovery-ARCHIVED. · View Herald TranscriptJul 1 2015, 8:11 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Smalyshev subscribed.Jul 1 2015, 8:33 AM

I think the project labels for this one are wrong.

JanZerebecki edited projects, added MediaWiki-General; removed Discovery-ARCHIVED, Wikidata-Query-Service, Wikidata.Jul 2 2015, 1:26 PM
JanZerebecki set Security to None.
Aklapper added a comment.Jul 2 2015, 1:40 PM

Thanks for taking a look at the code! If you are interested, you are very welcome to use developer access to submit this proposed change as a Git branch directly into Gerrit for review. If you don't want to set up Git/Gerrit, you can also use the Gerrit Patch Uploader.

Aklapper triaged this task as Medium priority.Jul 2 2015, 1:42 PM
webDEVILopers subscribed.Jul 30 2015, 7:55 AM
MaxSem closed this task as Resolved.Nov 29 2018, 1:50 PM
MaxSem subscribed.

We aren't using mcrypt for random number generation since 1.31.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL