diff options
| author | Giuseppe D'Angelo <dangelog@gmail.com> | 2012-03-24 08:50:02 +0000 |
|---|---|---|
| committer | Qt by Nokia <qt-info@nokia.com> | 2012-04-04 13:02:58 +0200 |
| commit | 9a77171ccc2838c2fd7b666ed9ee9c7ba8ebd488 (patch) | |
| tree | c2b090636b77d3019b3da9389c596d3753b526f7 /src/dbus | |
| parent | fb20f9c2da369b07fc50857a90b596ae63f943da (diff) | |
QHash security fix (1.5/2): qHash two arguments overload support
Algorithmic complexity attacks against hash tables have been known
since 2003 (cf. [1, 2]), and they have been left unpatched for years
until the 2011 attacks [3] against many libraries /
(reference) implementations of programming languages.
This patch adds a qHash overload taking two arguments: the value to
be hashed, and a uint to be used as a seed for the hash function
itself (support the global QHash seed was added in a previous patch).
The seed itself is not used just yet; instead, 0 is passed.
Compatibility with the one-argument qHash(T) implementation is kept
through a catch-all template.
[1] http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
[2] http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks
[3] http://www.ocert.org/advisories/ocert-2011-003.html
Task-number: QTBUG-23529
Change-Id: I1d0a84899476d134db455418c8043a349a7e5317
Reviewed-by: João Abecasis <joao.abecasis@nokia.com>
Diffstat (limited to 'src/dbus')
| -rw-r--r-- | src/dbus/qdbusextratypes.h | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/dbus/qdbusextratypes.h b/src/dbus/qdbusextratypes.h index a905cff590..d8bdf7424c 100644 --- a/src/dbus/qdbusextratypes.h +++ b/src/dbus/qdbusextratypes.h @@ -47,6 +47,7 @@ #include <QtCore/qvariant.h> #include <QtCore/qstring.h> #include <QtDBus/qdbusmacros.h> +#include <QtCore/qhash.h> #ifndef QT_NO_DBUS @@ -55,9 +56,6 @@ QT_BEGIN_HEADER QT_BEGIN_NAMESPACE -// defined in qhash.cpp -Q_CORE_EXPORT uint qHash(const QString &key); - class Q_DBUS_EXPORT QDBusObjectPath { QString m_path; |