Changeset 13721

Timestamp:

01/06/12 14:29:51 (12 years ago)

Author:

Mark Evenson

Message:

backport r13720: randomize string hash computation to guard against exploits.

Location:

branches/1.0.x/abcl/src/org/armedbear/lisp

Files:

• ComplexString.java (modified) (2 diffs)
• Lisp.java (modified) (1 diff)
• SimpleString.java (modified) (3 diffs)

branches/1.0.x/abcl/src/org/armedbear/lisp/ComplexString.java

@@ -518 +518 @@
   public int sxhash()
   {
-    int hashCode = 0;
+    int hashCode = randomStringHashBase;
     final int limit = length();
     for (int i = 0; i < limit; i++)
@@ -536 +536 @@
   public int psxhash()
   {
-    int hashCode = 0;
+    int hashCode = randomStringHashBase;
     final int limit = length();
     for (int i = 0; i < limit; i++)

branches/1.0.x/abcl/src/org/armedbear/lisp/Lisp.java

@@ -142 +142 @@
   public static final LispObject EOF = new LispObject();
 
+  // String hash randomization base
+  // Sets a base offset hashing value per JVM session, as an antidote to
+  // http://www.nruns.com/_downloads/advisory28122011.pdf
+  //    (Denial of Service through hash table multi-collisions)
+  public static final int randomStringHashBase =
+          (int)(new java.util.Date().getTime());
+  
   public static boolean profiling;
 

branches/1.0.x/abcl/src/org/armedbear/lisp/SimpleString.java

@@ -417 +417 @@
     public int sxhash()
     {
-        int hashCode = 0;
+        int hashCode = randomStringHashBase;
         for (int i = 0; i < capacity; i++) {
             hashCode += chars[i];
@@ -427 +427 @@
         hashCode += (hashCode << 15);
         return (hashCode & 0x7fffffff);
-    }
+        }
 
     // For EQUALP hash tables.
@@ -433 +433 @@
     public int psxhash()
     {
-        int hashCode = 0;
+        int hashCode = randomStringHashBase;
         for (int i = 0; i < capacity; i++) {
             hashCode += Character.toUpperCase(chars[i]);