From aba22072c085e158ea7497ffcc521467ee1c75ac Mon Sep 17 00:00:00 2001
From: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 20 Jun 2008 02:46:17 +0000
Subject: * string.c (rb_memhash): randomize hash to avoid algorithmic  
 complexity attacks.   (rb_str_hash): use rb_memhash.

* include/ruby/intern.h (rb_reset_random_seed): declared.

* thread.c (rb_thread_atfork): call rb_reset_random_seed.

* inits.c (rb_call_inits): call Init_RandomSeed at first.

* random.c (seed_initialized): defined.
  (fill_random_seed): extracted from random_seed.
  (make_seed_value): extracted from random_seed.
  (rb_f_rand): initialize random seed at first.
  (initial_seed): defined.
  (Init_RandomSeed): defined.
  (Init_RandomSeed2): defined.
  (rb_reset_random_seed): defined.
  (Init_Random): call Init_RandomSeed2.


git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@17465 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 string.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'string.c')

diff --git a/string.c b/string.c
index c19544dea..5c46d6160 100644
--- a/string.c
+++ b/string.c
@@ -1820,13 +1820,21 @@ hash(const unsigned char * data, int len, unsigned int h)
 int
 rb_memhash(const void *ptr, long len)
 {
-    return hash(ptr, len, 0);
+    static int hashseed_init = 0;
+    static unsigned int hashseed;
+
+    if (!hashseed_init) {
+        hashseed = rb_genrand_int32();
+        hashseed_init = 1;
+    }
+
+    return hash(ptr, len, hashseed);
 }
 
 int
 rb_str_hash(VALUE str)
 {
-    return hash((const void *)RSTRING_PTR(str), RSTRING_LEN(str), 0);
+    return rb_memhash((const void *)RSTRING_PTR(str), RSTRING_LEN(str));
 }
 
 int
-- 
cgit