review.tizen.org Git - profile/ivi/qtbase.git/commit

author	Giuseppe D'Angelo <dangelog@gmail.com>
	Sat, 24 Mar 2012 08:50:02 +0000 (08:50 +0000)
committer	Qt by Nokia <qt-info@nokia.com>
	Wed, 4 Apr 2012 11:02:58 +0000 (13:02 +0200)
commit	9a77171ccc2838c2fd7b666ed9ee9c7ba8ebd488
tree	c2b090636b77d3019b3da9389c596d3753b526f7	tree \| snapshot
parent	fb20f9c2da369b07fc50857a90b596ae63f943da	commit \| diff

QHash security fix (1.5/2): qHash two arguments overload support

Algorithmic complexity attacks against hash tables have been known
since 2003 (cf. [1, 2]), and they have been left unpatched for years
until the 2011 attacks [3] against many libraries /
(reference) implementations of programming languages.

This patch adds a qHash overload taking two arguments: the value to
be hashed, and a uint to be used as a seed for the hash function
itself (support the global QHash seed was added in a previous patch).
The seed itself is not used just yet; instead, 0 is passed.

Compatibility with the one-argument qHash(T) implementation is kept
through a catch-all template.

[1] http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
[2] http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks
[3] http://www.ocert.org/advisories/ocert-2011-003.html

Task-number: QTBUG-23529
Change-Id: I1d0a84899476d134db455418c8043a349a7e5317
Reviewed-by: João Abecasis <joao.abecasis@nokia.com>

dist/changes-5.0.0		diff \| blob \| history
doc/src/snippets/code/src_corelib_tools_qhash.cpp		diff \| blob \| history
src/corelib/tools/qbitarray.h		diff \| blob \| history
src/corelib/tools/qhash.cpp		diff \| blob \| history
src/corelib/tools/qhash.h		diff \| blob \| history
src/dbus/qdbusextratypes.h		diff \| blob \| history
tests/auto/corelib/tools/qhash/tst_qhash.cpp		diff \| blob \| history