From b627430ae60d7c5f13ecc2f289bce8185c218be0 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Tue, 30 Sep 2014 20:30:06 +0300
Subject: Make sure we don't waste entropy

---
 system/core/Security.php        | 1 +
 system/core/compat/password.php | 1 +
 2 files changed, 2 insertions(+)

(limited to 'system/core')

diff --git a/system/core/Security.php b/system/core/Security.php
index 4b204ad95..b97df4647 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -573,6 +573,7 @@ class CI_Security {
 
 		if (is_readable('/dev/urandom') && ($fp = fopen('/dev/urandom', 'rb')) !== FALSE)
 		{
+			stream_set_chunk_size($fp, $length);
 			$output = fread($fp, $length);
 			fclose($fp);
 			if ($output !== FALSE)
diff --git a/system/core/compat/password.php b/system/core/compat/password.php
index a8bc756f0..60aa578db 100644
--- a/system/core/compat/password.php
+++ b/system/core/compat/password.php
@@ -121,6 +121,7 @@ if ( ! function_exists('password_hash'))
 					return FALSE;
 				}
 
+				stream_set_chunk_size($fp, 16);
 				$options['salt'] = '';
 				for ($read = 0; $read < 16; $read = ($func_override) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))
 				{
-- 
cgit v1.2.3-24-g4f1b