From 2d4b73653b8d0948de5b043aecf24ae4c915f8f4 Mon Sep 17 00:00:00 2001
From: Peter Knut <peter@pematon.com>
Date: Mon, 7 Oct 2024 23:37:33 +0200
Subject: [PATCH] Refactor generating of private key and random strings

Generating of private key is atomic now.
More secure random strings on PHP 7+.
---
 adminer/include/adminer.inc.php   | 14 +++++---
 adminer/include/auth.inc.php      | 10 +++---
 adminer/include/design.inc.php    | 16 ++++++---
 adminer/include/functions.inc.php | 57 ++++++++++++++++++++++---------
 editor/include/adminer.inc.php    |  5 ++-
 5 files changed, 71 insertions(+), 31 deletions(-)

diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index b1707089..a03689d7 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -25,12 +25,16 @@ class Adminer {
 	function connectSsl() {
 	}
 
-	/** Get key used for permanent login
-	* @param bool
-	* @return string cryptic string which gets combined with password or false in case of an error
-	*/
+	/**
+	 * Gets a private key used for permanent login.
+	 *
+	 * @param bool $create
+	 *
+	 * @return string|false Cryptic string which gets combined with password or false in case of an error.
+	 * @throws \Random\RandomException
+	 */
 	function permanentLogin($create = false) {
-		return password_file($create);
+		return get_private_key($create);
 	}
 
 	/** Return key used to group brute force attacks; behind a reverse proxy, you want to return the last part of X-Forwarded-For
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 603bd470..ff17886c 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -1,4 +1,5 @@
 <?php
+
 $connection = '';
 
 $has_token = $_SESSION["token"];
@@ -171,9 +172,10 @@ function unset_permanent() {
 }
 
 /** Renders an error message and a login form
-* @param string plain text
-* @return null exits
-*/
+ * @param string plain text
+ * @return null exits
+ * @throws \Random\RandomException
+ */
 function auth_error($error) {
 	global $adminer, $has_token;
 	$session_name = session_name();
@@ -198,7 +200,7 @@ function auth_error($error) {
 		$error = lang('Session support must be enabled.');
 	}
 	$params = session_get_cookie_params();
-	cookie("adminer_key", ($_COOKIE["adminer_key"] ? $_COOKIE["adminer_key"] : rand_string()), $params["lifetime"]);
+	cookie("adminer_key", ($_COOKIE["adminer_key"] ?: get_random_string()), $params["lifetime"]);
 	page_header(lang('Login'), $error, null);
 	echo "<form action='' method='post'>\n";
 	echo "<div>";
diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index 09c3a854..60035044 100644
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -142,14 +142,20 @@ function csp() {
 	);
 }
 
-/** Get a CSP nonce
-* @return string Base64 value
-*/
-function get_nonce() {
+/**
+ * Gets a CSP nonce.
+ *
+ * @return string Base64 value.
+ * @throws \Random\RandomException
+ */
+function get_nonce()
+{
 	static $nonce;
+
 	if (!$nonce) {
-		$nonce = base64_encode(rand_string());
+		$nonce = base64_encode(get_random_string(true));
 	}
+
 	return $nonce;
 }
 
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index 67e5e583..44ab7e0b 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -1,4 +1,5 @@
 <?php
+
 /** Get database connection
 * @return Min_DB
 */
@@ -1249,6 +1250,17 @@ function write_and_unlock_file($file, $data)
 	rewind($file);
 	fwrite($file, $data);
 	ftruncate($file, strlen($data));
+
+	unlock_file($file);
+}
+
+/**
+ * Unlocks and closes the file.
+ *
+ * @param resource $file
+ */
+function unlock_file($file)
+{
 	flock($file, LOCK_UN);
 	fclose($file);
 }
@@ -1258,31 +1270,44 @@ function write_and_unlock_file($file, $data)
  *
  * @param $create bool
  * @return string|false Returns false if the file can not be created.
+ * @throws \Random\RandomException
  */
-function password_file($create) {
+function get_private_key($create)
+{
 	$filename = get_temp_dir() . "/adminer.key";
 
-	$return = file_exists($filename) ? file_get_contents($filename) : false;
-	if ($return || !$create) {
-		return $return;
+	if (!$create && !file_exists($filename)) {
+		return false;
 	}
 
-	$file = @fopen($filename, "w"); // @ - can have insufficient rights //! is not atomic
-	if ($file) {
-		chmod($filename, 0660);
-		$return = rand_string();
-		fwrite($file, $return);
-		fclose($file);
+	$file = open_file_with_lock($filename);
+	if (!$file) {
+		return false;
 	}
 
-	return $return;
+	$key = stream_get_contents($file);
+	if (!$key) {
+		$key = get_random_string();
+		write_and_unlock_file($file, $key);
+	} else {
+		unlock_file($file);
+	}
+
+	return $key;
 }
 
-/** Get a random string
-* @return string 32 hexadecimal characters
-*/
-function rand_string() {
-	return md5(uniqid(mt_rand(), true));
+/**
+ * Returns a random 32 characters long string.
+ *
+ * @param $binary bool
+ * @return string
+ * @throws \Random\RandomException
+ */
+function get_random_string($binary = false)
+{
+	$bytes = function_exists('random_bytes') ? random_bytes(32) : uniqid(mt_rand(), true);
+
+	return $binary ? $bytes : md5($bytes);
 }
 
 /** Format value to use in select
diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index d71cdbd0..dd6ae607 100644
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -16,8 +16,11 @@ class Adminer {
 	function connectSsl() {
 	}
 
+	/**
+	 * @throws \Random\RandomException
+	 */
 	function permanentLogin($create = false) {
-		return password_file($create);
+		return get_private_key($create);
 	}
 
 	function bruteForceKey() {