dumping ground for random patches and texts
From: Eric Wong <e@80x24.org>
To: spew@80x24.org
Subject: [PATCH] hash.c (any_hash): make static symbol hash non-deterministic
Date: Tue, 28 Mar 2017 16:58:21 +0000
Message-ID: <20170328165821.18684-1-e@80x24.org>

Hashes for static symbols need to be seeded with the random hash
seed to avoid deterministic results.  Deterministic hash results
leave the door open for DoS attacks such as CVE-2011-4815.

* hash.c (any_hash): make static symbol hash non-deterministic
* test/ruby/test_symbol.rb (test_hash_nondeterministic): new test
  [ruby-core:80430] [Bug #13376]
---
 hash.c                   |  1 +
 test/ruby/test_symbol.rb | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/hash.c b/hash.c
index 58a3d04023..d9826c4053 100644
--- a/hash.c
+++ b/hash.c
@@ -139,6 +139,7 @@ any_hash(VALUE a, st_index_t (*other_func)(VALUE))
 	if (a == Qundef) return 0;
 	if (STATIC_SYM_P(a)) {
 	    hnum = a >> (RUBY_SPECIAL_SHIFT + ID_SCOPE_SHIFT);
+	    hnum = rb_hash_start(hnum);
 	    goto out;
 	}
 	else if (FLONUM_P(a)) {
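Review bot: the added `hnum = rb_hash_start(hnum);` in the STATIC_SYM_P branch has no comment saying why the shifted ID must be mixed with the seed, so a later cleanup could drop it as redundant. A one-line comment citing [Bug #13376] would guard against that, and the two assignments could be folded into a single `hnum = rb_hash_start(a >> (RUBY_SPECIAL_SHIFT + ID_SCOPE_SHIFT));`. The FLONUM_P branch that follows is cut off by the hunk context, so it is worth confirming in the same pass that it does not return a value that is identical across processes.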
diff --git a/test/ruby/test_symbol.rb b/test/ruby/test_symbol.rb
index ce3b0d652f..34cd886141 100644
--- a/test/ruby/test_symbol.rb
+++ b/test/ruby/test_symbol.rb
@@ -411,4 +411,14 @@ def test_not_freeze
     assert_equal str, str.to_sym.to_s
     assert_not_predicate(str, :frozen?, bug11721)
   end
+
+  def test_hash_nondeterministic
+    ruby = EnvUtil.rubybin
+    refute_equal `#{ruby} -e 'puts :foo.hash'`, `#{ruby} -e 'puts :foo.hash'`,
+                 '[ruby-core:80430] [Bug #13376]'
+
+    sym = "dynsym_#{Random.rand(10000)}_#{Time.now}"
+    refute_equal `#{ruby} -e 'puts #{sym.inspect}.to_sym.hash'`,
+                 `#{ruby} -e 'puts #{sym.inspect}.to_sym.hash'`
+  end
 end
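Review bot: in test_hash_nondeterministic neither refute_equal checks that the child processes actually printed a hash, so if `#{ruby} -e ...` fails to run, both backtick results are empty strings and the test fails with a message that points at hash seeding rather than at the broken child. Capturing the two outputs into locals and asserting they are non-empty before comparing them would make the failure readable. The second refute_equal also omits the '[ruby-core:80430] [Bug #13376]' message that the first one carries; passing it there too keeps the two assertions consistent.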
-- 
EW

