[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith report at bugs.python.org
Wed Mar 14 01:27:06 CET 2012


Gregory P. Smith <greg at krypto.org> added the comment:

Uploaded an updated patch (against 3.1) with the changes from r1.168 to r1.170 of xmlparse.c from the expat project.  It fixes the test_sax issue.

There is one other thing that needs fixing (next patch update).

The test for the hash seed being == 0 that falls back to using the expat-provided trivial time()-based seed is undesirable.  We want a hash seed of 0 to be "disabled", matching the old behavior.  This might require adding a flag indicating if the hash seed has been initialized or not.

I'm also going to look at the possibility of using the Python interpreter's prefix and suffix values in some way rather than just prefix to avoid the potential of exposing the seed.

----------
Added file: http://bugs.python.org/file24831/expat-hash-randomization-002.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14234>
_______________________________________

