forked from enlightenment/efl
efl/eina: prevent denial of service on eina_hash.
Thanks goes to Thiago Macieira for sharing the issue. This is the result of the cross-desktop talk at fosdem. A lot more comming in the futur ! SVN revision: 83578
This commit is contained in:
parent
56120ef74d
commit
01dba3fbc0
|
@ -1,3 +1,7 @@
|
|||
2013-02-04 Cedric Bail
|
||||
|
||||
* eina: counter measure denial of service on eina_hash function.
|
||||
|
||||
2013-02-04 Jihoon Kim (jihoon)
|
||||
|
||||
* edje entry : Support &, < and > in preedit string.
|
||||
|
|
1
NEWS
1
NEWS
|
@ -140,3 +140,4 @@ Fixes:
|
|||
* Fix evas gif loader to return the correct frame duration
|
||||
* Prevent a crash even if an invalid object is swallowed into an edje object.
|
||||
* Fix cache miss when active edje hash is empty.
|
||||
* Prevent denial of service on eina_hash function.
|
||||
|
|
|
@ -1325,7 +1325,7 @@ eina_hash_iterator_tuple_new(const Eina_Hash *hash)
|
|||
EAPI int
|
||||
eina_hash_superfast(const char *key, int len)
|
||||
{
|
||||
int hash = len, tmp;
|
||||
int hash = len ^ eina_seed, tmp;
|
||||
int rem;
|
||||
|
||||
rem = len & 3;
|
||||
|
|
|
@ -19,6 +19,8 @@
|
|||
#ifndef EINA_INLINE_HASH_X_
|
||||
#define EINA_INLINE_HASH_X_
|
||||
|
||||
EAPI extern unsigned int eina_seed;
|
||||
|
||||
/*
|
||||
djb2 hash algorithm was first reported by dan bernstein, and was the old
|
||||
default hash function for evas.
|
||||
|
@ -26,7 +28,7 @@
|
|||
static inline int
|
||||
eina_hash_djb2(const char *key, int len)
|
||||
{
|
||||
unsigned int hash_num = 5381;
|
||||
unsigned int hash_num = 5381 ^ eina_seed;
|
||||
const unsigned char *ptr;
|
||||
|
||||
if (!key) return 0;
|
||||
|
@ -39,7 +41,7 @@ eina_hash_djb2(const char *key, int len)
|
|||
static inline int
|
||||
eina_hash_djb2_len(const char *key, int *plen)
|
||||
{
|
||||
unsigned int hash_num = 5381;
|
||||
unsigned int hash_num = 5381 ^ eina_seed;
|
||||
int len = 0;
|
||||
const unsigned char *ptr;
|
||||
|
||||
|
@ -64,7 +66,7 @@ eina_hash_int32(const unsigned int *pkey, int len)
|
|||
key ^= key >> 12;
|
||||
key += key << 2;
|
||||
key ^= key >> 4;
|
||||
key *= 2057;
|
||||
key *= 2057 ^ eina_seed;
|
||||
key ^= key >> 16;
|
||||
return key;
|
||||
}
|
||||
|
@ -78,7 +80,7 @@ eina_hash_int64(const unsigned long int *pkey, int len)
|
|||
|
||||
key = ~key + (key << 18);
|
||||
key ^= key >> 31;
|
||||
key *= 21;
|
||||
key *= 21 ^ eina_seed;
|
||||
key ^= key >> 11;
|
||||
key += key << 6;
|
||||
key ^= key >> 22;
|
||||
|
@ -107,8 +109,8 @@ eina_hash_murmur3(const char *key, int len)
|
|||
const unsigned char * data = (const unsigned char*)key;
|
||||
const int nblocks = len / 4;
|
||||
unsigned int h1 = 0, k1;
|
||||
unsigned int c1 = 0xcc9e2d51;
|
||||
unsigned int c2 = 0x1b873593;
|
||||
unsigned int c1 = 0xcc9e2d51 ^ eina_seed;
|
||||
unsigned int c2 = 0x1b873593 ^ eina_seed;
|
||||
const unsigned int * blocks = (const unsigned int *)(data + nblocks*4);
|
||||
int i;
|
||||
const unsigned char *tail;
|
||||
|
|
|
@ -99,6 +99,7 @@ static int _eina_log_dom = -1;
|
|||
|
||||
EAPI Eina_Bool _eina_threads_activated = EINA_FALSE;
|
||||
EAPI Eina_Error EINA_ERROR_NOT_MAIN_LOOP = 0;
|
||||
EAPI unsigned int eina_seed = 0;
|
||||
|
||||
static const char EINA_ERROR_NOT_MAIN_LOOP_STR[] = "Main loop thread check failed.";
|
||||
|
||||
|
@ -249,6 +250,10 @@ eina_init(void)
|
|||
if (EINA_LIKELY(_eina_main_count > 0))
|
||||
return ++_eina_main_count;
|
||||
|
||||
srand(time(NULL));
|
||||
while (eina_seed == 0)
|
||||
eina_seed = rand();
|
||||
|
||||
#ifdef MT
|
||||
if ((getenv("EINA_MTRACE")) && (getenv("MALLOC_TRACE")))
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue