diff options
author | Giuseppe D'Angelo <dangelog@gmail.com> | 2012-03-24 08:50:02 +0000 |
---|---|---|
committer | Qt by Nokia <qt-info@nokia.com> | 2012-04-14 17:59:26 +0200 |
commit | c01eaa438200edc9a3bbcd8ae1e8ded058bea268 (patch) | |
tree | d0067ffcc32322f67f39a326000a32a9a9325658 /src/corelib | |
parent | c2293c897c9f2e35dffec777c19577c0f6052e81 (diff) |
QHash security fix (2/2): enable QHash random seed
Algorithmic complexity attacks against hash tables have been known
since 2003 (cf. [1, 2]), and they have been left unpatched for years
until the 2011 attacks [3] against many libraries /
(reference) implementations of programming languages.
This patch makes qHash use the QHash seed introduced in the
previous commits, thus truly randomizing bucketing in QHash.
[1] http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
[2] http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks
[3] http://www.ocert.org/advisories/ocert-2011-003.html
Task-number: QTBUG-23529
Change-Id: Ibee9cf6aa820af5d777fcde478647665c728052a
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
Diffstat (limited to 'src/corelib')
-rw-r--r-- | src/corelib/tools/qhash.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/corelib/tools/qhash.h b/src/corelib/tools/qhash.h index e3188729c5..fe6a8dfad1 100644 --- a/src/corelib/tools/qhash.h +++ b/src/corelib/tools/qhash.h @@ -874,7 +874,7 @@ Q_OUTOFLINE_TEMPLATE typename QHash<Key, T>::Node **QHash<Key, T>::findNode(cons uint h = 0; if (d->numBuckets || ahp) { - h = qHash(akey, 0); + h = qHash(akey, d->seed); if (ahp) *ahp = h; } |