33984e72ab
Algorithmic complexity attacks against hash tables have been known since 2003 (cf. [1, 2]), and they have been left unpatched for years until the 2011 attacks [3] against many libraries / (reference) implementations of programming languages. This patch adds a global integer, to be used as a seed for the hash function itself. The seed is randomly initialized the first time a QHash detaches from shared_null. Right now the seed is not used at all -- another patch will modify qHash to make use of it. [1] http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf [2] http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks [3] http://www.ocert.org/advisories/ocert-2011-003.html Task-number: QTBUG-23529 Change-Id: I7519e4c02b9c2794d1c14079b01330eb356e9c65 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> |
||
---|---|---|
.. | ||
generators | ||
cachekeys.h | ||
CHANGES | ||
main.cpp | ||
Makefile.unix | ||
Makefile.win32 | ||
Makefile.win32-g++ | ||
meta.cpp | ||
meta.h | ||
option.cpp | ||
option.h | ||
project.cpp | ||
project.h | ||
property.cpp | ||
property.h | ||
qmake_pch.h | ||
qmake.pri | ||
qmake.pro |