mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-16 07:45:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)

Browse source 
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated.

The environment variable PYTHONHASHSEED and the new command line flag -R control this
behavior.
This commit is contained in:
Georg Brandl 2012-02-20 19:54:16 +01:00
parent ec1712a166
commit 2daf6ae249
32 changed files with 660 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Objects/unicodeobject.c
View file

@ -7344,11 +7344,21 @@ unicode_hash(PyUnicodeObject *self)
if (self->hash != -1)
return self->hash;
len = Py_SIZE(self);
/*
We make the hash of the empty string be 0, rather than using
(prefix ^ suffix), since this slightly obfuscates the hash secret
*/
if (len == 0) {
self->hash = 0;
return 0;
}
p = self->str;
x = *p << 7;
x = _Py_HashSecret.prefix;
x ^= *p << 7;
while (--len >= 0)
x = (1000003*x) ^ *p++;
x ^= Py_SIZE(self);
x ^= _Py_HashSecret.suffix;
if (x == -1)
x = -2;
self->hash = x;