mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-03 16:39:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Merge from 3.1: Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)

Browse source 
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated.

The environment variable PYTHONHASHSEED and the new command line flag -R control this
behavior.
This commit is contained in:
Georg Brandl 2012-02-20 21:31:46 +01:00
commit 09a7c72cad
34 changed files with 676 additions and 162 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Objects/unicodeobject.c
View file

@ -7676,11 +7676,21 @@ unicode_hash(PyUnicodeObject *self)
if (self->hash != -1)
return self->hash;
len = Py_SIZE(self);
/*
We make the hash of the empty string be 0, rather than using
(prefix ^ suffix), since this slightly obfuscates the hash secret
*/
if (len == 0) {
self->hash = 0;
return 0;
}
p = self->str;
x = *p << 7;
x = _Py_HashSecret.prefix;
x ^= *p << 7;
while (--len >= 0)
x = (_PyHASH_MULTIPLIER*x) ^ *p++;
x ^= Py_SIZE(self);
x ^= _Py_HashSecret.suffix;
if (x == -1)
x = -2;
self->hash = x;