From: Eric Wong <e@80x24.org>
To: spew@80x24.org
Subject: [PATCH] hash.c (any_hash): make static symbol hash non-deterministic
Date: Tue, 28 Mar 2017 16:58:21 +0000
Message-ID: <20170328165821.18684-1-e@80x24.org>
Hashes for static symbols need to be seeded with the random hash
seed to avoid deterministic results. Deterministic hash results
leave the door open for DoS attacks such as CVE-2011-4815.
* hash.c (any_hash): make static symbol hash non-deterministic
* test/ruby/test_symbol.rb (test_hash_nondeterministic): new test
[ruby-core:80430] [Bug #13376]
---
hash.c | 1 +
test/ruby/test_symbol.rb | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/hash.c b/hash.c
index 58a3d04023..d9826c4053 100644
--- a/hash.c
+++ b/hash.c
@@ -139,6 +139,7 @@ any_hash(VALUE a, st_index_t (*other_func)(VALUE))
if (a == Qundef) return 0;
if (STATIC_SYM_P(a)) {
hnum = a >> (RUBY_SPECIAL_SHIFT + ID_SCOPE_SHIFT);
+ hnum = rb_hash_start(hnum);
goto out;
}
else if (FLONUM_P(a)) {
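Review bot: The added `hnum = rb_hash_start(hnum);` in the `STATIC_SYM_P(a)` branch carries no comment saying why the seed is applied, and the definition of `rb_hash_start` is not part of this hunk. A one-line comment noting that static symbol hashes are seeded to keep them unpredictable across processes would stop a later cleanup from dropping the call as redundant. It is also worth confirming that `rb_hash_start` mixes the seed into the value rather than offsetting every input by the same constant: `hnum` at this point is just the shifted symbol value, and an offset alone would leave the spacing between symbol hashes identical in every process.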
diff --git a/test/ruby/test_symbol.rb b/test/ruby/test_symbol.rb
index ce3b0d652f..34cd886141 100644
--- a/test/ruby/test_symbol.rb
+++ b/test/ruby/test_symbol.rb
@@ -411,4 +411,14 @@ def test_not_freeze
assert_equal str, str.to_sym.to_s
assert_not_predicate(str, :frozen?, bug11721)
end
+
+ def test_hash_nondeterministic
+ ruby = EnvUtil.rubybin
+ refute_equal `#{ruby} -e 'puts :foo.hash'`, `#{ruby} -e 'puts :foo.hash'`,
+ '[ruby-core:80430] [Bug #13376]'
+
+ sym = "dynsym_#{Random.rand(10000)}_#{Time.now}"
+ refute_equal `#{ruby} -e 'puts #{sym.inspect}.to_sym.hash'`,
+ `#{ruby} -e 'puts #{sym.inspect}.to_sym.hash'`
+ end
end
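Review bot: Both `refute_equal` checks in `test_hash_nondeterministic` compare a single symbol's hash across two processes, so they would still pass if the seed only shifted every symbol hash by a per-process constant. Consider also asserting that a relation between two symbols, for example the value printed by `:foo.hash - :bar.hash`, differs between runs. Separately, the second `refute_equal` lacks the `'[ruby-core:80430] [Bug #13376]'` message that the first one carries, and the backtick commands interpolate `#{ruby}` into a shell string, which breaks when the interpreter path contains spaces; `IO.popen([ruby, '-e', code], &:read)` avoids the shell.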
--
EW