Changeset 13721


Timestamp:
01/06/12 14:29:51 (12 years ago)
Author:
Mark Evenson
Message:

backport r13720: randomize string hash computation to guard against exploits.

Location:
branches/1.0.x/abcl/src/org/armedbear/lisp
Files:
3 edited

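--- a/branches/1.0.x/abcl/src/org/armedbear/lisp/ComplexString.java
+++ b/branches/1.0.x/abcl/src/org/armedbear/lisp/ComplexString.java
@@ -518,5 +518,5 @@
   public int sxhash()
   {
-    int hashCode = 0;
+    int hashCode = randomStringHashBase;
     final int limit = length();
     for (int i = 0; i < limit; i++)
@@ -536,5 +536,5 @@
   public int psxhash()
   {
-    int hashCode = 0;
+    int hashCode = randomStringHashBase;
     final int limit = length();
     for (int i = 0; i < limit; i++)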
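Review bot: Seeding `sxhash()` and `psxhash()` themselves with `randomStringHashBase` makes the values Lisp code gets from SXHASH differ between JVM sessions, while the ANSI description of SXHASH asks that similar strings hash to the same value even in different images of the same implementation. If the aim is only to harden hash-table bucket placement against crafted keys, mixing the base in at the point where the hash table derives its index (not visible here) would keep the public hash stable. Otherwise I would document the deviation on both methods, for example `// NOTE: seeded per JVM session; values are not stable across runs and must not be persisted`. The same applies to the `sxhash()` and `psxhash()` hunks in SimpleString.java, and all of these method bodies continue outside the hunks shown.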
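--- a/branches/1.0.x/abcl/src/org/armedbear/lisp/Lisp.java
+++ b/branches/1.0.x/abcl/src/org/armedbear/lisp/Lisp.java
@@ -142,4 +142,11 @@
   public static final LispObject EOF = new LispObject();
 
+  // String hash randomization base
+  // Sets a base offset hashing value per JVM session, as an antidote to
+  // http://www.nruns.com/_downloads/advisory28122011.pdf
+  //    (Denial of Service through hash table multi-collisions)
+  public static final int randomStringHashBase =
+          (int)(new java.util.Date().getTime());
+ 
   public static boolean profiling;
 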
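Review bot: `randomStringHashBase` is derived from the wall clock, so it is only as unpredictable as the JVM start time, and truncating the millisecond timestamp to `int` leaves little uncertainty for anyone who can estimate when the process started. A seed meant to defeat chosen-collision input should come from a CSPRNG, e.g. `public static final int randomStringHashBase = new java.security.SecureRandom().nextInt();`. The field is also `public`, and the seeded hash values are presumably observable from Lisp code, so the comment should say that the base is a mitigation and not a secret that callers may depend on or log.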
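--- a/branches/1.0.x/abcl/src/org/armedbear/lisp/SimpleString.java
+++ b/branches/1.0.x/abcl/src/org/armedbear/lisp/SimpleString.java
@@ -417,5 +417,5 @@
     public int sxhash()
     {
-        int hashCode = 0;
+        int hashCode = randomStringHashBase;
         for (int i = 0; i < capacity; i++) {
             hashCode += chars[i];
@@ -427,5 +427,5 @@
         hashCode += (hashCode << 15);
         return (hashCode & 0x7fffffff);
-    }
+        }
 
     // For EQUALP hash tables.
@@ -433,5 +433,5 @@
     public int psxhash()
     {
-        int hashCode = 0;
+        int hashCode = randomStringHashBase;
         for (int i = 0; i < capacity; i++) {
             hashCode += Character.toUpperCase(chars[i]);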
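Review bot: The closing brace of `sxhash()` at new line 429 was re-indented from four to eight spaces, which looks like an accidental whitespace change unrelated to the backport. I would restore `    }` so the brace lines up with the method's opening brace and the security-relevant change stays easy to audit. The body of `psxhash()` continues outside the last hunk.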