*
* Reference: Your favorite introductory book on algorithms
*
- * Copyright (C) 2000 Bjorn Reese and Daniel Veillard.
+ * Copyright (C) 2000,2012 Bjorn Reese and Daniel Veillard.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include "libxml.h"
#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
+/*
+ * Following http://www.ocert.org/advisories/ocert-2011-003.html
+ * it seems that having hash randomization might be a good idea
+ * when using XML with untrusted data
+ */
+#if defined(HAVE_RAND) && defined(HAVE_SRAND) && defined(HAVE_TIME)
+#define HASH_RANDOMIZATION
+#endif
+
#include <libxml/parser.h>
#include <libxml/hash.h>
#include <libxml/xmlmemory.h>
int size;
int nbElems;
xmlDictPtr dict;
+#ifdef HASH_RANDOMIZATION
+ int random_seed;
+#endif
};
/*
const xmlChar *name2, const xmlChar *name3) {
unsigned long value = 0L;
char ch;
-
+
+#ifdef HASH_RANDOMIZATION
+ value = table->random_seed;
+#endif
if (name != NULL) {
value += 30 * (*name);
while ((ch = *name++) != 0) {
value = value ^ ((value << 5) + (value >> 3) + (unsigned long)ch);
}
}
+ value = value ^ ((value << 5) + (value >> 3));
if (name2 != NULL) {
while ((ch = *name2++) != 0) {
value = value ^ ((value << 5) + (value >> 3) + (unsigned long)ch);
}
}
+ value = value ^ ((value << 5) + (value >> 3));
if (name3 != NULL) {
while ((ch = *name3++) != 0) {
value = value ^ ((value << 5) + (value >> 3) + (unsigned long)ch);
const xmlChar *prefix3, const xmlChar *name3) {
unsigned long value = 0L;
char ch;
-
+
+#ifdef HASH_RANDOMIZATION
+ value = table->random_seed;
+#endif
if (prefix != NULL)
value += 30 * (*prefix);
else
value = value ^ ((value << 5) + (value >> 3) + (unsigned long)ch);
}
}
+ value = value ^ ((value << 5) + (value >> 3));
if (prefix2 != NULL) {
while ((ch = *prefix2++) != 0) {
value = value ^ ((value << 5) + (value >> 3) + (unsigned long)ch);
value = value ^ ((value << 5) + (value >> 3) + (unsigned long)ch);
}
}
+ value = value ^ ((value << 5) + (value >> 3));
if (prefix3 != NULL) {
while ((ch = *prefix3++) != 0) {
value = value ^ ((value << 5) + (value >> 3) + (unsigned long)ch);
xmlHashTablePtr
xmlHashCreate(int size) {
xmlHashTablePtr table;
-
+
if (size <= 0)
size = 256;
-
+
table = xmlMalloc(sizeof(xmlHashTable));
if (table) {
table->dict = NULL;
table->nbElems = 0;
table->table = xmlMalloc(size * sizeof(xmlHashEntry));
if (table->table) {
- memset(table->table, 0, size * sizeof(xmlHashEntry));
- return(table);
+ memset(table->table, 0, size * sizeof(xmlHashEntry));
+#ifdef HASH_RANDOMIZATION
+ table->random_seed = __xmlRandom();
+#endif
+ return(table);
}
xmlFree(table);
}
#ifdef DEBUG_GROW
unsigned long nbElem = 0;
#endif
-
+
if (table == NULL)
return(-1);
if (size < 8)
oldtable = table->table;
if (oldtable == NULL)
return(-1);
-
+
table->table = xmlMalloc(size * sizeof(xmlHashEntry));
if (table->table == NULL) {
table->table = oldtable;
table->size = size;
/* If the two loops are merged, there would be situations where
- a new entry needs to allocated and data copied into it from
+ a new entry needs to allocated and data copied into it from
the main table. So instead, we run through the array twice, first
copying all the elements in the main array (where we can't get
conflicts) and then the rest, so we only free (and don't allocate)
*/
for (i = 0; i < oldsize; i++) {
- if (oldtable[i].valid == 0)
+ if (oldtable[i].valid == 0)
continue;
key = xmlHashComputeKey(table, oldtable[i].name, oldtable[i].name2,
oldtable[i].name3);
table->table[key].next = NULL;
xmlFree(iter);
} else {
- iter->next = table->table[key].next;
- table->table[key].next = iter;
+ iter->next = table->table[key].next;
+ table->table[key].next = iter;
}
#ifdef DEBUG_GROW
inside_table = 0;
iter = next;
}
- inside_table = 0;
}
xmlFree(table->table);
}
entry->valid = 1;
- if (insert != NULL)
+ if (insert != NULL)
insert->next = entry;
table->nbElems++;
* Returns the a pointer to the userdata
*/
void *
-xmlHashLookup3(xmlHashTablePtr table, const xmlChar *name,
+xmlHashLookup3(xmlHashTablePtr table, const xmlChar *name,
const xmlChar *name2, const xmlChar *name3) {
unsigned long key;
xmlHashEntryPtr entry;
void *data;
} stubData;
-static void
-stubHashScannerFull (void *payload, void *data, const xmlChar *name,
+static void
+stubHashScannerFull (void *payload, void *data, const xmlChar *name,
const xmlChar *name2 ATTRIBUTE_UNUSED,
const xmlChar *name3 ATTRIBUTE_UNUSED) {
stubData *stubdata = (stubData *) data;
stubdata->hashscanner (payload, stubdata->data, (xmlChar *) name);
-}
-
+}
+
/**
* xmlHashScan:
* @table: the hash table
xmlHashScan(xmlHashTablePtr table, xmlHashScanner f, void *data) {
stubData stubdata;
stubdata.data = data;
- stubdata.hashscanner = f;
+ stubdata.hashscanner = f;
xmlHashScanFull (table, stubHashScannerFull, &stubdata);
}
*/
void
xmlHashScanFull(xmlHashTablePtr table, xmlHashScannerFull f, void *data) {
- int i;
+ int i, nb;
xmlHashEntryPtr iter;
xmlHashEntryPtr next;
if (table->table) {
for(i = 0; i < table->size; i++) {
- if (table->table[i].valid == 0)
+ if (table->table[i].valid == 0)
continue;
iter = &(table->table[i]);
while (iter) {
next = iter->next;
+ nb = table->nbElems;
if ((f != NULL) && (iter->payload != NULL))
f(iter->payload, data, iter->name,
iter->name2, iter->name3);
- iter = next;
+ if (nb != table->nbElems) {
+ /* table was modified by the callback, be careful */
+ if (iter == &(table->table[i])) {
+ if (table->table[i].valid == 0)
+ iter = NULL;
+ if (table->table[i].next != next)
+ iter = &(table->table[i]);
+ } else
+ iter = next;
+ } else
+ iter = next;
}
}
}
* the comparison is considered to match.
*/
void
-xmlHashScan3(xmlHashTablePtr table, const xmlChar *name,
+xmlHashScan3(xmlHashTablePtr table, const xmlChar *name,
const xmlChar *name2, const xmlChar *name3,
xmlHashScanner f, void *data) {
xmlHashScanFull3 (table, name, name2, name3,
* the comparison is considered to match.
*/
void
-xmlHashScanFull3(xmlHashTablePtr table, const xmlChar *name,
+xmlHashScanFull3(xmlHashTablePtr table, const xmlChar *name,
const xmlChar *name2, const xmlChar *name3,
xmlHashScannerFull f, void *data) {
int i;
return(NULL);
ret = xmlHashCreate(table->size);
+ if (ret == NULL)
+ return(NULL);
+
if (table->table) {
for(i = 0; i < table->size; i++) {
if (table->table[i].valid == 0)