From 7ed21e66fa7e444b34acd79648379a8ae867c770 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
Date: Fri, 2 Feb 2024 20:10:19 +0100
Subject: [PATCH] random: Do not hardcode the target type when invoking the
 CSPRNG (#13308)

Instead derive the number of bytes to retrieve from the variable that is being
filled.
---
 ext/random/engine_mt19937.c | 4 ++--
 ext/random/engine_secure.c  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ext/random/engine_mt19937.c b/ext/random/engine_mt19937.c
index d82a341b36c34..6f2f4d5eef37b 100644
--- a/ext/random/engine_mt19937.c
+++ b/ext/random/engine_mt19937.c
@@ -240,7 +240,7 @@ PHPAPI void php_random_mt19937_seed_default(php_random_status_state_mt19937 *sta
 {
 	zend_long seed = 0;
 
-	if (php_random_bytes_silent(&seed, sizeof(zend_long)) == FAILURE) {
+	if (php_random_bytes_silent(&seed, sizeof(seed)) == FAILURE) {
 		seed = GENERATE_SEED();
 	}
 
@@ -277,7 +277,7 @@ PHP_METHOD(Random_Engine_Mt19937, __construct)
 
 	if (seed_is_null) {
 		/* MT19937 has a very large state, uses CSPRNG for seeding only */
-		if (php_random_bytes_throw(&seed, sizeof(zend_long)) == FAILURE) {
+		if (php_random_bytes_throw(&seed, sizeof(seed)) == FAILURE) {
 			zend_throw_exception(random_ce_Random_RandomException, "Failed to generate a random seed", 0);
 			RETURN_THROWS();
 		}
diff --git a/ext/random/engine_secure.c b/ext/random/engine_secure.c
index bc5e4874cd9dc..c7779463541fc 100644
--- a/ext/random/engine_secure.c
+++ b/ext/random/engine_secure.c
@@ -29,7 +29,7 @@ static php_random_result generate(php_random_status *status)
 {
 	zend_ulong r = 0;
 
-	php_random_bytes_throw(&r, sizeof(zend_ulong));
+	php_random_bytes_throw(&r, sizeof(r));
 
 	return (php_random_result){
 		.size = sizeof(zend_ulong),