AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,848 Commits 4 Branches 0 Tags 339 MiB
C++ 84.2%
HTML 5.1%
C 4.2%
CMake 2.9%
Objective-C++ 2%
Other 1%
9a77171ccc
Go to file
Giuseppe D'Angelo 9a77171ccc QHash security fix (1.5/2): qHash two arguments overload support 
Algorithmic complexity attacks against hash tables have been known
since 2003 (cf. [1, 2]), and they have been left unpatched for years
until the 2011 attacks [3] against many libraries /
(reference) implementations of programming languages.

This patch adds a qHash overload taking two arguments: the value to
be hashed, and a uint to be used as a seed for the hash function
itself (support the global QHash seed was added in a previous patch).
The seed itself is not used just yet; instead, 0 is passed.

Compatibility with the one-argument qHash(T) implementation is kept
through a catch-all template.

[1] http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
[2] http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks
[3] http://www.ocert.org/advisories/ocert-2011-003.html

Task-number: QTBUG-23529
Change-Id: I1d0a84899476d134db455418c8043a349a7e5317
Reviewed-by: João Abecasis <joao.abecasis@nokia.com>
2012-04-04 13:02:58 +02:00
bin Fix qtmodule-configtests to honor error codes 2012-03-08 23:52:34 +01:00
config.tests Merge master into api_changes 2012-03-27 19:22:48 +02:00
dist QHash security fix (1.5/2): qHash two arguments overload support 2012-04-04 13:02:58 +02:00
doc/src QHash security fix (1.5/2): qHash two arguments overload support 2012-04-04 13:02:58 +02:00
examples Merge master into api_changes 2012-03-23 14:10:58 +01:00
lib Initial import from the monolithic Qt. 2011-04-27 12:05:43 +02:00
mkspecs Merge master into api_changes 2012-03-27 19:22:48 +02:00
qmake QHash security fix (1/2): add global QHash seed 2012-04-03 19:12:13 +02:00
src QHash security fix (1.5/2): qHash two arguments overload support 2012-04-04 13:02:58 +02:00
tests QHash security fix (1.5/2): qHash two arguments overload support 2012-04-04 13:02:58 +02:00
tools QHash security fix (1/2): add global QHash seed 2012-04-03 19:12:13 +02:00
util QLocale: Merge month name data storage to save 50KB memory 2012-04-03 19:12:27 +02:00
.gitattributes Added .tag file with Git revision. 2011-05-03 16:23:49 +02:00
.gitignore device: Add -device and -device-option to configure 2012-03-27 05:35:57 +02:00
.tag Added .tag file with Git revision. 2011-05-03 16:23:49 +02:00
configure Remove the -no-stl option from configure 2012-03-28 16:31:34 +02:00
configure.bat Remove Q_BYTE_ORDER and -*-endian arguments from configures 2012-03-02 14:48:00 +01:00
header.BSD Remove "All rights reserved" line from license headers. 2012-01-30 03:54:59 +01:00
header.FDL Remove "All rights reserved" line from license headers. 2012-01-30 03:54:59 +01:00
header.LGPL Remove "All rights reserved" line from license headers. 2012-01-30 03:54:59 +01:00
header.LGPL-ONLY Remove "All rights reserved" line from license headers. 2012-01-30 03:54:59 +01:00
INSTALL Remove Symbian specific code from qtbase. 2012-01-31 07:08:31 +01:00
LGPL_EXCEPTION.txt Initial import from the monolithic Qt. 2011-04-27 12:05:43 +02:00
LICENSE.FDL Initial import from the monolithic Qt. 2011-04-27 12:05:43 +02:00
LICENSE.LGPL Update contact information in license headers. 2012-01-23 04:04:33 +01:00
LICENSE.PREVIEW.COMMERCIAL Initial import from the monolithic Qt. 2011-04-27 12:05:43 +02:00
qtbase.pro device: Add -device and -device-option to configure 2012-03-27 05:35:57 +02:00
sync.profile Add qprocessordetection.h 2012-02-08 12:33:11 +01:00