mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-16 14:50:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED

Browse source 
environment variable, to provide an opt-in way to protect against denial of
  service attacks due to hash collisions within the dict and set types.  Patch
  by David Malcolm, based on work by Victor Stinner.
This commit is contained in:
Barry Warsaw 2012-02-20 20:42:21 -05:00
parent f5a5beb339
commit 1e13eb084f
27 changed files with 706 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Objects/stringobject.c
View file

@ -1212,11 +1212,21 @@ string_hash(PyStringObject *a)
if (a->ob_shash != -1)
return a->ob_shash;
len = Py_SIZE(a);
/*
We make the hash of the empty string be 0, rather than using
(prefix ^ suffix), since this slightly obfuscates the hash secret
*/
if (len == 0) {
a->ob_shash = 0;
return 0;
}
p = (unsigned char *) a->ob_sval;
x = *p << 7;
x = _Py_HashSecret.prefix;
x ^= *p << 7;
while (--len >= 0)
x = (1000003*x) ^ *p++;
x ^= Py_SIZE(a);
x ^= _Py_HashSecret.suffix;
if (x == -1)
x = -2;
a->ob_shash = x;