Merge from 3.1: Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)

in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated. The environment variable PYTHONHASHSEED and the new command line flag -R control this behavior.
author: Georg Brandl <georg@python.org> 2012-02-20 21:31:46 +0100
committer: Georg Brandl <georg@python.org> 2012-02-20 21:31:46 +0100
commit: 09a7c72cad48f568e0781541167cf9ea6a3f0760 (patch)
tree: d925894bfc3662e33c03ff7b6b2c5e9e38749b73 /Objects/bytesobject.c
parent: fee358b0df547e9451cfb0b3d25980e6cc7177cc (diff)
parent: 2daf6ae2495c862adf8bc717bfe9964081ea0b10 (diff)
download: cpython-git-09a7c72cad48f568e0781541167cf9ea6a3f0760.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
index a0d4cbd9ae..d63fabcc9e 100644
--- a/Objects/bytesobject.c
+++ b/Objects/bytesobject.c
@@ -878,11 +878,21 @@ bytes_hash(PyBytesObject *a)
     if (a->ob_shash != -1)
         return a->ob_shash;
     len = Py_SIZE(a);
+    /*
+      We make the hash of the empty string be 0, rather than using
+      (prefix ^ suffix), since this slightly obfuscates the hash secret
+    */
+    if (len == 0) {
+        a->ob_shash = 0;
+        return 0;
+    }
     p = (unsigned char *) a->ob_sval;
-    x = *p << 7;
+    x = _Py_HashSecret.prefix;
+    x ^= *p << 7;
     while (--len >= 0)
         x = (_PyHASH_MULTIPLIER*x) ^ *p++;
     x ^= Py_SIZE(a);
+    x ^= _Py_HashSecret.suffix;
     if (x == -1)
         x = -2;
     a->ob_shash = x;
author	Georg Brandl <georg@python.org>	2012-02-20 21:31:46 +0100
committer	Georg Brandl <georg@python.org>	2012-02-20 21:31:46 +0100
commit	09a7c72cad48f568e0781541167cf9ea6a3f0760 (patch)
tree	d925894bfc3662e33c03ff7b6b2c5e9e38749b73 /Objects/bytesobject.c
parent	fee358b0df547e9451cfb0b3d25980e6cc7177cc (diff)
parent	2daf6ae2495c862adf8bc717bfe9964081ea0b10 (diff)
download	cpython-git-09a7c72cad48f568e0781541167cf9ea6a3f0760.tar.gz