From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Wong To: spew@80x24.org Subject: [PATCH] hash.c (any_hash): make static symbol hash non-deterministic Date: Tue, 28 Mar 2017 16:58:21 +0000 Message-Id: <20170328165821.18684-1-e@80x24.org> Hashes for static symbols need to be seeded with the random hash seed to avoid deterministic results. Deterministic hash results leave the door open for DoS attacks such as CVE-2011-4815. * hash.c (any_hash): make static symbol hash non-deterministic * test/ruby/test_symbol.rb (test_hash_nondeterministic): new test [ruby-core:80430] [Bug #13376] --- hash.c | 1 + test/ruby/test_symbol.rb | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/hash.c b/hash.c index 58a3d04023..d9826c4053 100644 --- a/hash.c +++ b/hash.c @@ -139,6 +139,7 @@ any_hash(VALUE a, st_index_t (*other_func)(VALUE)) if (a == Qundef) return 0; if (STATIC_SYM_P(a)) { hnum = a >> (RUBY_SPECIAL_SHIFT + ID_SCOPE_SHIFT); + hnum = rb_hash_start(hnum); goto out; } else if (FLONUM_P(a)) { diff --git a/test/ruby/test_symbol.rb b/test/ruby/test_symbol.rb index ce3b0d652f..34cd886141 100644 --- a/test/ruby/test_symbol.rb +++ b/test/ruby/test_symbol.rb 
@@ -411,4 +411,14 @@ def test_not_freeze assert_equal str, str.to_sym.to_s assert_not_predicate(str, :frozen?, bug11721) end + + def test_hash_nondeterministic + ruby = EnvUtil.rubybin + refute_equal `#{ruby} -e 'puts :foo.hash'`, `#{ruby} -e 'puts :foo.hash'`, + '[ruby-core:80430] [Bug #13376]' + + sym = "dynsym_#{Random.rand(10000)}_#{Time.now}" + refute_equal `#{ruby} -e 'puts #{sym.inspect}.to_sym.hash'`, + `#{ruby} -e 'puts #{sym.inspect}.to_sym.hash'` + end end -- EW
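Review bot: in hash.c, the new `hnum = rb_hash_start(hnum);` line in the `STATIC_SYM_P(a)` branch of `any_hash` has no comment saying why a static symbol's hash has to be mixed with the seed. A one-line comment pointing at [Bug #13376] would keep a later cleanup from dropping it as redundant. The two assignments could also be one statement, `hnum = rb_hash_start(a >> (RUBY_SPECIAL_SHIFT + ID_SCOPE_SHIFT));`. The `FLONUM_P(a)` branch that follows is cut off by the hunk context, so it is worth confirming separately that it does not leave `hnum` unseeded in the same way.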
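Review bot: in test/ruby/test_symbol.rb, the second `refute_equal` in `test_hash_nondeterministic` (the `dynsym_` case) has no failure message and exercises dynamic symbols, which the hash.c hunk does not touch, so it acts as a guard rather than a test of this fix; give it a message that says so. Both assertions also compare raw backtick output without checking that the child process succeeded: if the child fails to run, both sides are empty strings and the failure report says nothing about the cause. Asserting on the exit status first would help. The commands are also built by interpolating `ruby` into a shell string, so a binary path containing spaces breaks the test; the array form of `IO.popen` would avoid the shell.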