aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCedric BAIL <cedric.bail@free.fr>2013-02-04 07:52:56 +0000
committerCedric BAIL <cedric.bail@free.fr>2013-02-04 07:52:56 +0000
commit01dba3fbc0fb3bd26959121d81c05e66f7a77915 (patch)
tree556c585fc2f356ea148fccfd9f5c2a5ee46849c6
parent56120ef74d5fce4d5ae9691f30ef26011b13dc49 (diff)
downloadefl-01dba3fbc0fb3bd26959121d81c05e66f7a77915.tar.gz
efl-01dba3fbc0fb3bd26959121d81c05e66f7a77915.tar.xz
efl-01dba3fbc0fb3bd26959121d81c05e66f7a77915.zip
efl/eina: prevent denial of service on eina_hash.
Thanks goes to Thiago Macieira for sharing the issue. This is the result of the cross-desktop talk at fosdem. A lot more comming in the futur ! SVN revision: 83578
-rw-r--r--ChangeLog4
-rw-r--r--NEWS1
-rw-r--r--src/lib/eina/eina_hash.c2
-rw-r--r--src/lib/eina/eina_inline_hash.x14
-rw-r--r--src/lib/eina/eina_main.c5
5 files changed, 19 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index b2592fb5a..65f07f746 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2013-02-04 Cedric Bail
+
+ * eina: counter measure denial of service on eina_hash function.
+
2013-02-04 Jihoon Kim (jihoon)
* edje entry : Support &, < and > in preedit string.
diff --git a/NEWS b/NEWS
index 2d4a4456e..8c3ac6124 100644
--- a/NEWS
+++ b/NEWS
@@ -140,3 +140,4 @@ Fixes:
* Fix evas gif loader to return the correct frame duration
* Prevent a crash even if an invalid object is swallowed into an edje object.
* Fix cache miss when active edje hash is empty.
+ * Prevent denial of service on eina_hash function.
diff --git a/src/lib/eina/eina_hash.c b/src/lib/eina/eina_hash.c
index fc6b7aac5..d63961229 100644
--- a/src/lib/eina/eina_hash.c
+++ b/src/lib/eina/eina_hash.c
@@ -1325,7 +1325,7 @@ eina_hash_iterator_tuple_new(const Eina_Hash *hash)
EAPI int
eina_hash_superfast(const char *key, int len)
{
- int hash = len, tmp;
+ int hash = len ^ eina_seed, tmp;
int rem;
rem = len & 3;
diff --git a/src/lib/eina/eina_inline_hash.x b/src/lib/eina/eina_inline_hash.x
index be20e8fa5..b2fc3f3ee 100644
--- a/src/lib/eina/eina_inline_hash.x
+++ b/src/lib/eina/eina_inline_hash.x
@@ -19,6 +19,8 @@
#ifndef EINA_INLINE_HASH_X_
#define EINA_INLINE_HASH_X_
+EAPI extern unsigned int eina_seed;
+
/*
djb2 hash algorithm was first reported by dan bernstein, and was the old
default hash function for evas.
@@ -26,7 +28,7 @@
static inline int
eina_hash_djb2(const char *key, int len)
{
- unsigned int hash_num = 5381;
+ unsigned int hash_num = 5381 ^ eina_seed;
const unsigned char *ptr;
if (!key) return 0;
@@ -39,7 +41,7 @@ eina_hash_djb2(const char *key, int len)
static inline int
eina_hash_djb2_len(const char *key, int *plen)
{
- unsigned int hash_num = 5381;
+ unsigned int hash_num = 5381 ^ eina_seed;
int len = 0;
const unsigned char *ptr;
@@ -64,7 +66,7 @@ eina_hash_int32(const unsigned int *pkey, int len)
key ^= key >> 12;
key += key << 2;
key ^= key >> 4;
- key *= 2057;
+ key *= 2057 ^ eina_seed;
key ^= key >> 16;
return key;
}
@@ -78,7 +80,7 @@ eina_hash_int64(const unsigned long int *pkey, int len)
key = ~key + (key << 18);
key ^= key >> 31;
- key *= 21;
+ key *= 21 ^ eina_seed;
key ^= key >> 11;
key += key << 6;
key ^= key >> 22;
@@ -107,8 +109,8 @@ eina_hash_murmur3(const char *key, int len)
const unsigned char * data = (const unsigned char*)key;
const int nblocks = len / 4;
unsigned int h1 = 0, k1;
- unsigned int c1 = 0xcc9e2d51;
- unsigned int c2 = 0x1b873593;
+ unsigned int c1 = 0xcc9e2d51 ^ eina_seed;
+ unsigned int c2 = 0x1b873593 ^ eina_seed;
const unsigned int * blocks = (const unsigned int *)(data + nblocks*4);
int i;
const unsigned char *tail;
diff --git a/src/lib/eina/eina_main.c b/src/lib/eina/eina_main.c
index 667c3a1b7..271ce2b63 100644
--- a/src/lib/eina/eina_main.c
+++ b/src/lib/eina/eina_main.c
@@ -99,6 +99,7 @@ static int _eina_log_dom = -1;
EAPI Eina_Bool _eina_threads_activated = EINA_FALSE;
EAPI Eina_Error EINA_ERROR_NOT_MAIN_LOOP = 0;
+EAPI unsigned int eina_seed = 0;
static const char EINA_ERROR_NOT_MAIN_LOOP_STR[] = "Main loop thread check failed.";
@@ -249,6 +250,10 @@ eina_init(void)
if (EINA_LIKELY(_eina_main_count > 0))
return ++_eina_main_count;
+ srand(time(NULL));
+ while (eina_seed == 0)
+ eina_seed = rand();
+
#ifdef MT
if ((getenv("EINA_MTRACE")) && (getenv("MALLOC_TRACE")))
{