randomise hash function use

Reported by Thorsten Glaser on 2011-12-29
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mksh
Low
Unassigned

Bug Description

THIS IS *NOT* A SECURITY VULNERABILITY IN THE SCOPE OF mksh!

Related discussion: https://bugzilla.redhat.com/show_bug.cgi?id=750564

Use of the hash function for hashtables shall be randomised.

Target series: R41

Affected areas:
- hash tables (no; support for the associative arrays feature is as of now nonexistant)
- arrays (no; they are currently implemented as linked lists, which is another bug)
- parameters (yes, but nobody is so stupid to read user-specified data into them with evil, erm eval)
- other ktscan uses (no; not exposed to user data or scripts)

Fix direction:
• store seed with each hashtable
• ${foo@#arithexpr} will use arithexpr (default 0) as seed; consistent with current implementation
• dot.mkshrc: split off Lnz{a,aa}thash_finish; encourage users to randomise the IV

Fix implementation: split LCG, $RANDOM handling and genertic hashtable code into a new file, use that from the rest; probably goes well together with the planned-for-R41 change of indexed arrays to also use hashtables

Changed in mksh:
importance: Undecided → Low
status: New → In Progress
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers