Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes

in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project.
author: Gregory P. Smith <greg@krypto.org> 2012-03-14 22:00:39 (GMT)
committer: Gregory P. Smith <greg@krypto.org> 2012-03-14 22:00:39 (GMT)
commit: 70c9c4dca6bcb9b304c48915b32af74d133c01cc (patch)
tree: ced377b024f112cc9cecb46c719582752393cbac /Modules/pyexpat.c
parent: e7c8fdee18494238cc93eb895001398ceb7d12fb (diff)
parent: 373c7409245bb22da1e6e45ba1cb3818904c51a9 (diff)
download: cpython-70c9c4dca6bcb9b304c48915b32af74d133c01cc.zip
cpython-70c9c4dca6bcb9b304c48915b32af74d133c01cc.tar.gz
cpython-70c9c4dca6bcb9b304c48915b32af74d133c01cc.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index 1bc4ffa..a2da67a 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1156,6 +1156,8 @@ newxmlparseobject(char *encoding, char *namespace_separator, PyObject *intern)
     else {
         self->itself = XML_ParserCreate(encoding);
     }
+    XML_SetHashSalt(self->itself,
+                    (unsigned long)_Py_HashSecret.prefix);
     self->intern = intern;
     Py_XINCREF(self->intern);
     PyObject_GC_Track(self);
author	Gregory P. Smith <greg@krypto.org>	2012-03-14 22:00:39 (GMT)
committer	Gregory P. Smith <greg@krypto.org>	2012-03-14 22:00:39 (GMT)
commit	70c9c4dca6bcb9b304c48915b32af74d133c01cc (patch)
tree	ced377b024f112cc9cecb46c719582752393cbac /Modules/pyexpat.c
parent	e7c8fdee18494238cc93eb895001398ceb7d12fb (diff)
parent	373c7409245bb22da1e6e45ba1cb3818904c51a9 (diff)
download	cpython-70c9c4dca6bcb9b304c48915b32af74d133c01cc.zip cpython-70c9c4dca6bcb9b304c48915b32af74d133c01cc.tar.gz cpython-70c9c4dca6bcb9b304c48915b32af74d133c01cc.tar.bz2