oss-sec mailing list archives
expat hash collision fix too predictable?
From: Marcus Meissner <meissner () suse de>
Date: Thu, 5 Apr 2012 11:30:27 +0200
Hi,

while reviewing an expat regression (likely caused by the hash collision
denial of service fix, but unclear) I stumbled about the randomness it uses.

    static unsigned long
    generate_hash_secret_salt(void)
    {
      unsigned int seed = time(NULL) % UINT_MAX;
      srand(seed);
      return rand();
    }

and it is seeded once at parser object creation.

This is better than not seeding, but I am not sure if it is sufficient.

Ciao, Marcus
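An added example, not part of the original post and not expat's code: it recomputes the quoted salt derivation for a given clock value to show that the salt carries no more uncertainty than the parser-creation second, next to a salt read from the OS random source. The names salt_for_time, salt_in_window and salt_from_os, the sample timestamp, and the use of /dev/urandom are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Same derivation as the quoted function, but with the clock value passed
 * in, so the salt for any parser-creation time can be recomputed. */
static unsigned long salt_for_time(time_t t)
{
    unsigned int seed = (unsigned int)(t % UINT_MAX);
    srand(seed);
    return (unsigned long)rand();
}

/* Returns 1 if `salt` is one of the 2*window+1 values the time-seeded
 * scheme can produce for creation times within +/- window seconds. */
static int salt_in_window(unsigned long salt, time_t centre, int window)
{
    for (int d = -window; d <= window; d++)
        if (salt_for_time(centre + d) == salt)
            return 1;
    return 0;
}

/* Alternative (assumption, not expat's code): take the salt from the OS
 * CSPRNG, so it does not depend on the clock. Returns 0 on success. */
static int salt_from_os(unsigned long *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void)
{
    time_t created = (time_t)1333618227; /* constructed sample timestamp */
    unsigned long salt = salt_for_time(created);
    unsigned long os_salt = 0;

    printf("time-seeded salt: %lu\n", salt);
    printf("reproducible from a clock guess 30 s off, 121 candidates: %d\n",
           salt_in_window(salt, created + 30, 60));
    if (salt_from_os(&os_salt) == 0)
        printf("OS-random salt:   %lu\n", os_salt);
    return 0;
}
```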