--- ext/mcrypt/mcrypt.c.php-CVE-2007-2727.droplet 2007-01-01 04:36:02.000000000 -0500 +++ ext/mcrypt/mcrypt.c 2007-09-17 17:47:18.000000000 -0400 @@ -35,6 +35,7 @@ #include "php_ini.h" #include "php_globals.h" #include "ext/standard/info.h" +#include "ext/standard/php_rand.h" static int le_mcrypt; @@ -1274,10 +1275,9 @@ PHP_FUNCTION(mcrypt_create_iv) RETURN_FALSE; } } else { - unsigned int ctx; n = size; while (size) { - iv[--size] = 255.0 * php_rand_r(&ctx) / RAND_MAX; + iv[--size] = 255.0 * php_rand(TSRMLS_C) / RAND_MAX; } } RETURN_STRINGL(iv, n, 0);