net/tinyproxy/patches/CVE-2012-3505-tiniproxy-randomized-hashmaps.patch

   1 --- a/src/child.c
   2 +++ b/src/child.c
   3 @@ -20,6 +20,9 @@
   4   * processing incoming connections.
   5   */
   6
   7 +#include <stdlib.h>
   8 +#include <time.h>
   9 +
  10  #include "main.h"
  11
  12  #include "child.h"
  13 @@ -196,6 +199,7 @@ static void child_main (struct child_s *
  14          }
  15
  16          ptr->connects = 0;
  17 +       srand(time(NULL));
  18
  19          while (!config.quit) {
  20                  ptr->status = T_WAITING;
  21 --- a/src/hashmap.c
  22 +++ b/src/hashmap.c
  23 @@ -25,6 +25,8 @@
  24   * don't try to free the data, or realloc the memory. :)
  25   */
  26
  27 +#include <stdlib.h>
  28 +
  29  #include "main.h"
  30
  31  #include "hashmap.h"
  32 @@ -50,6 +52,7 @@ struct hashbucket_s {
  33  };
  34
  35  struct hashmap_s {
  36 +        uint32_t seed;
  37          unsigned int size;
  38          hashmap_iter end_iterator;
  39
  40 @@ -65,7 +68,7 @@ struct hashmap_s {
  41   *
  42   * If any of the arguments are invalid a negative number is returned.
  43   */
  44 -static int hashfunc (const char *key, unsigned int size)
  45 +static int hashfunc (const char *key, unsigned int size, uint32_t seed)
  46  {
  47          uint32_t hash;
  48
  49 @@ -74,7 +77,7 @@ static int hashfunc (const char *key, un
  50          if (size == 0)
  51                  return -ERANGE;
  52
  53 -        for (hash = tolower (*key++); *key != '\0'; key++) {
  54 +        for (hash = seed; *key != '\0'; key++) {
  55                  uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
  56
  57                  hash >>= 1;
  58 @@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int n
  59          if (!ptr)
  60                  return NULL;
  61
  62 +       ptr->seed = (uint32_t)rand();
  63          ptr->size = nbuckets;
  64          ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
  65                                                             sizeof (struct
  66 @@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const cha
  67          if (!data || len < 1)
  68                  return -ERANGE;
  69
  70 -        hash = hashfunc (key, map->size);
  71 +        hash = hashfunc (key, map->size, map->seed);
  72          if (hash < 0)
  73                  return hash;
  74
  75 @@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, c
  76          if (map == NULL || key == NULL)
  77                  return -EINVAL;
  78
  79 -        hash = hashfunc (key, map->size);
  80 +        hash = hashfunc (key, map->size, map->seed);
  81          if (hash < 0)
  82                  return hash;
  83
  84 @@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t
  85          if (!map || !key || !data)
  86                  return -EINVAL;
  87
  88 -        hash = hashfunc (key, map->size);
  89 +        hash = hashfunc (key, map->size, map->seed);
  90          if (hash < 0)
  91                  return hash;
  92
  93 @@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, c
  94          if (map == NULL || key == NULL)
  95                  return -EINVAL;
  96
  97 -        hash = hashfunc (key, map->size);
  98 +        hash = hashfunc (key, map->size, map->seed);
  99          if (hash < 0)
 100                  return hash;
 101