Без опису

CVE-2012-3505-tiniproxy-randomized-hashmaps.patch 2.7KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
  1. --- a/src/child.c
  2. +++ b/src/child.c
  3. @@ -20,6 +20,9 @@
  4. * processing incoming connections.
  5. */
  6. +#include <stdlib.h>
  7. +#include <time.h>
  8. +
  9. #include "main.h"
  10. #include "child.h"
  11. @@ -196,6 +199,7 @@ static void child_main (struct child_s *
  12. }
  13. ptr->connects = 0;
  14. + srand(time(NULL));
  15. while (!config.quit) {
  16. ptr->status = T_WAITING;
  17. --- a/src/hashmap.c
  18. +++ b/src/hashmap.c
  19. @@ -25,6 +25,8 @@
  20. * don't try to free the data, or realloc the memory. :)
  21. */
  22. +#include <stdlib.h>
  23. +
  24. #include "main.h"
  25. #include "hashmap.h"
  26. @@ -50,6 +52,7 @@ struct hashbucket_s {
  27. };
  28. struct hashmap_s {
  29. + uint32_t seed;
  30. unsigned int size;
  31. hashmap_iter end_iterator;
  32. @@ -65,7 +68,7 @@ struct hashmap_s {
  33. *
  34. * If any of the arguments are invalid a negative number is returned.
  35. */
  36. -static int hashfunc (const char *key, unsigned int size)
  37. +static int hashfunc (const char *key, unsigned int size, uint32_t seed)
  38. {
  39. uint32_t hash;
  40. @@ -74,7 +77,7 @@ static int hashfunc (const char *key, un
  41. if (size == 0)
  42. return -ERANGE;
  43. - for (hash = tolower (*key++); *key != '\0'; key++) {
  44. + for (hash = seed; *key != '\0'; key++) {
  45. uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
  46. hash >>= 1;
  47. @@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int n
  48. if (!ptr)
  49. return NULL;
  50. + ptr->seed = (uint32_t)rand();
  51. ptr->size = nbuckets;
  52. ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
  53. sizeof (struct
  54. @@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const cha
  55. if (!data || len < 1)
  56. return -ERANGE;
  57. - hash = hashfunc (key, map->size);
  58. + hash = hashfunc (key, map->size, map->seed);
  59. if (hash < 0)
  60. return hash;
  61. @@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, c
  62. if (map == NULL || key == NULL)
  63. return -EINVAL;
  64. - hash = hashfunc (key, map->size);
  65. + hash = hashfunc (key, map->size, map->seed);
  66. if (hash < 0)
  67. return hash;
  68. @@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t
  69. if (!map || !key || !data)
  70. return -EINVAL;
  71. - hash = hashfunc (key, map->size);
  72. + hash = hashfunc (key, map->size, map->seed);
  73. if (hash < 0)
  74. return hash;
  75. @@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, c
  76. if (map == NULL || key == NULL)
  77. return -EINVAL;
  78. - hash = hashfunc (key, map->size);
  79. + hash = hashfunc (key, map->size, map->seed);
  80. if (hash < 0)
  81. return hash;