mirror of
				https://github.com/python/cpython.git
				synced 2025-10-26 11:14:33 +00:00 
			
		
		
		
	Merge from 3.1: Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated. The environment variable PYTHONHASHSEED and the new command line flag -R control this behavior.
This commit is contained in:
		
						commit
						09a7c72cad
					
				
					 34 changed files with 676 additions and 162 deletions
				
			
		|  | @ -7676,11 +7676,21 @@ unicode_hash(PyUnicodeObject *self) | |||
|     if (self->hash != -1) | ||||
|         return self->hash; | ||||
|     len = Py_SIZE(self); | ||||
|     /*
 | ||||
|       We make the hash of the empty string be 0, rather than using | ||||
|       (prefix ^ suffix), since this slightly obfuscates the hash secret | ||||
|     */ | ||||
|     if (len == 0) { | ||||
|         self->hash = 0; | ||||
|         return 0; | ||||
|     } | ||||
|     p = self->str; | ||||
|     x = *p << 7; | ||||
|     x = _Py_HashSecret.prefix; | ||||
|     x ^= *p << 7; | ||||
|     while (--len >= 0) | ||||
|         x = (_PyHASH_MULTIPLIER*x) ^ *p++; | ||||
|     x ^= Py_SIZE(self); | ||||
|     x ^= _Py_HashSecret.suffix; | ||||
|     if (x == -1) | ||||
|         x = -2; | ||||
|     self->hash = x; | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue
	
	 Georg Brandl
						Georg Brandl