diff options
-rw-r--r-- | auto.def | 2 | ||||
-rw-r--r-- | jim.c | 13 | ||||
-rw-r--r-- | jim.h | 3 | ||||
-rw-r--r-- | jim_tcl.txt | 1 |
4 files changed, 16 insertions, 3 deletions
@@ -18,6 +18,7 @@ options { with-jim-shared shared => "build a shared library instead of a static library" jim-regexp=1 => "prefer POSIX regex if over the the built-in (Tcl-compatible) regex" docs=1 => "don't build or install the documentation" + random-hash => "randomise hash tables. more secure but hash table results are not predicable" with-jim-ext: {with-ext:"ext1 ext2 ..."} => { Specify additional jim extensions to include. These are enabled by default: @@ -189,6 +190,7 @@ if {[opt-bool shared with-jim-shared]} { define LIBSOEXT [format [get-define SH_SOEXTVER] [format %.2f [expr {[get-define JIM_VERSION] / 100.0}]]] define JIM_INSTALL [opt-bool install-jim] define JIM_DOCS [opt-bool docs] +define JIM_RANDOMISE_HASH [opt-bool random-hash] # Attributes of the extensions # tcl=Pure Tcl extension @@ -766,8 +766,7 @@ unsigned int Jim_GenHashFunction(const unsigned char *buf, int len) /* ----------------------------- API implementation ------------------------- */ -/* reset a hashtable already initialized with ht_init(). - * NOTE: This function should only called by ht_destroy(). */ +/* reset a hashtable already initialized */ static void JimResetHashTable(Jim_HashTable *ht) { ht->table = NULL; @@ -775,6 +774,14 @@ static void JimResetHashTable(Jim_HashTable *ht) ht->sizemask = 0; ht->used = 0; ht->collisions = 0; +#ifdef JIM_RANDOMISE_HASH + /* This is initialised to a random value to avoid a hash collision attack. + * See: n.runs-SA-2011.004 + */ + ht->uniq = (rand() ^ time(NULL) ^ clock()); +#else + ht->uniq = 0; +#endif } static void JimInitHashTableIterator(Jim_HashTable *ht, Jim_HashTableIterator *iter) @@ -820,6 +827,8 @@ void Jim_ExpandHashTable(Jim_HashTable *ht, unsigned int size) n.size = realsize; n.sizemask = realsize - 1; n.table = Jim_Alloc(realsize * sizeof(Jim_HashEntry *)); + /* Keep the same 'uniq' as the original */ + n.uniq = ht->uniq; /* Initialize all the pointers to NULL */ memset(n.table, 0, realsize * sizeof(Jim_HashEntry *)); @@ -217,6 +217,7 @@ typedef struct Jim_HashTable { unsigned int sizemask; unsigned int used; unsigned int collisions; + unsigned int uniq; void *privdata; } Jim_HashTable; @@ -257,7 +258,7 @@ typedef struct Jim_HashTableIterator { (ht)->type->keyCompare((ht)->privdata, key1, key2) : \ (key1) == (key2)) -#define Jim_HashKey(ht, key) (ht)->type->hashFunction(key) +#define Jim_HashKey(ht, key) ((ht)->type->hashFunction(key) + (ht)->uniq) #define Jim_GetHashEntryKey(he) ((he)->key) #define Jim_GetHashEntryVal(he) ((he)->val) diff --git a/jim_tcl.txt b/jim_tcl.txt index 19238b3..3c7a2fb 100644 --- a/jim_tcl.txt +++ b/jim_tcl.txt @@ -59,6 +59,7 @@ Changes between 0.74 and 0.75 4. `lsort` now supports '-unique' and '-real' 5. Add support for half-close with `aio close` ?r|w? 6. Add `socket pair` for a bidirectional pipe +7. Add --random-hash to randomise hash tables for greater security Changes between 0.73 and 0.74 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |