Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes

in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project.
author: Gregory P. Smith <greg@krypto.org> 2012-03-14 21:41:00 (GMT)
committer: Gregory P. Smith <greg@krypto.org> 2012-03-14 21:41:00 (GMT)
commit: 373c7409245bb22da1e6e45ba1cb3818904c51a9 (patch)
tree: 0046658e32fe2018404b6d03936eab2d3c005092 /Modules/pyexpat.c
parent: 9fd170e2d053bd86592b8728bdd00cf2d2a06d0b (diff)
parent: 8e91cf6a5e5be8f84132498d5654d6ad2e4d54c2 (diff)
download: cpython-373c7409245bb22da1e6e45ba1cb3818904c51a9.zip
cpython-373c7409245bb22da1e6e45ba1cb3818904c51a9.tar.gz
cpython-373c7409245bb22da1e6e45ba1cb3818904c51a9.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index 849423f..c1142de 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1150,6 +1150,8 @@ newxmlparseobject(char *encoding, char *namespace_separator, PyObject *intern)
     else {
         self->itself = XML_ParserCreate(encoding);
     }
+    XML_SetHashSalt(self->itself,
+                    (unsigned long)_Py_HashSecret.prefix);
     self->intern = intern;
     Py_XINCREF(self->intern);
     PyObject_GC_Track(self);
author	Gregory P. Smith <greg@krypto.org>	2012-03-14 21:41:00 (GMT)
committer	Gregory P. Smith <greg@krypto.org>	2012-03-14 21:41:00 (GMT)
commit	373c7409245bb22da1e6e45ba1cb3818904c51a9 (patch)
tree	0046658e32fe2018404b6d03936eab2d3c005092 /Modules/pyexpat.c
parent	9fd170e2d053bd86592b8728bdd00cf2d2a06d0b (diff)
parent	8e91cf6a5e5be8f84132498d5654d6ad2e4d54c2 (diff)
download	cpython-373c7409245bb22da1e6e45ba1cb3818904c51a9.zip cpython-373c7409245bb22da1e6e45ba1cb3818904c51a9.tar.gz cpython-373c7409245bb22da1e6e45ba1cb3818904c51a9.tar.bz2