diff options
| author | Georg Brandl <georg@python.org> | 2012-02-20 21:31:46 +0100 |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2012-02-20 21:31:46 +0100 |
| commit | 09a7c72cad48f568e0781541167cf9ea6a3f0760 (patch) | |
| tree | d925894bfc3662e33c03ff7b6b2c5e9e38749b73 /Objects | |
| parent | fee358b0df547e9451cfb0b3d25980e6cc7177cc (diff) | |
| parent | 2daf6ae2495c862adf8bc717bfe9964081ea0b10 (diff) | |
| download | cpython-git-09a7c72cad48f568e0781541167cf9ea6a3f0760.tar.gz | |
Merge from 3.1: Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated.
The environment variable PYTHONHASHSEED and the new command line flag -R control this
behavior.
Diffstat (limited to 'Objects')
| -rw-r--r-- | Objects/bytesobject.c | 12 | ||||
| -rw-r--r-- | Objects/object.c | 2 | ||||
| -rw-r--r-- | Objects/unicodeobject.c | 12 |
3 files changed, 24 insertions, 2 deletions
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c index a0d4cbd9ae..d63fabcc9e 100644 --- a/Objects/bytesobject.c +++ b/Objects/bytesobject.c @@ -878,11 +878,21 @@ bytes_hash(PyBytesObject *a) if (a->ob_shash != -1) return a->ob_shash; len = Py_SIZE(a); + /* + We make the hash of the empty string be 0, rather than using + (prefix ^ suffix), since this slightly obfuscates the hash secret + */ + if (len == 0) { + a->ob_shash = 0; + return 0; + } p = (unsigned char *) a->ob_sval; - x = *p << 7; + x = _Py_HashSecret.prefix; + x ^= *p << 7; while (--len >= 0) x = (_PyHASH_MULTIPLIER*x) ^ *p++; x ^= Py_SIZE(a); + x ^= _Py_HashSecret.suffix; if (x == -1) x = -2; a->ob_shash = x; diff --git a/Objects/object.c b/Objects/object.c index 694e7e719e..84ec2f34f5 100644 --- a/Objects/object.c +++ b/Objects/object.c @@ -754,6 +754,8 @@ PyObject_HashNotImplemented(PyObject *v) return -1; } +_Py_HashSecret_t _Py_HashSecret; + Py_hash_t PyObject_Hash(PyObject *v) { diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 70856f5455..467f95c444 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -7676,11 +7676,21 @@ unicode_hash(PyUnicodeObject *self) if (self->hash != -1) return self->hash; len = Py_SIZE(self); + /* + We make the hash of the empty string be 0, rather than using + (prefix ^ suffix), since this slightly obfuscates the hash secret + */ + if (len == 0) { + self->hash = 0; + return 0; + } p = self->str; - x = *p << 7; + x = _Py_HashSecret.prefix; + x ^= *p << 7; while (--len >= 0) x = (_PyHASH_MULTIPLIER*x) ^ *p++; x ^= Py_SIZE(self); + x ^= _Py_HashSecret.suffix; if (x == -1) x = -2; self->hash = x; |