Re: Plan C (was Re: Plan B for fixing 5.8.2 binary API)
On Tue, Oct 14, 2003 at 09:08:05PM +0100, Nicholas Clark <nick@ccl4.org> wrote:
>
> I'm working on a variant of plans A and B. I need 1 more HV flag. Is
>
> #define SVf_AMAGIC 0x10000000 /* has magical overloaded methods */
>
> ever set on an HV?

I think only on RVs. Though there is an odd commented out line in hv.c
magic_setamagic: /* HV_badAMAGIC_on(Sv_STASH(sv)); */

> hsplit is modified to count the length of the longest linked lists as it
> splits a hash. If it finds that the longest is over some threshold (eg 50%
> of all hash values are in one list after splitting) then the data is
> pathological, and *that hash* switches strategy.

I don't know if that's good enough. I didn't read the exploit paper,
but wouldn't they just have to have N+1 random keys before the N evil
keys to defeat your check? It would make the attack only twice as much
data (or even much less, since the random keys could be shorter.)

Good out-of-the-box thinking, though.
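
The split-time check discussed in this thread, as an added example that is not part of the original message and is not Perl's hv.c code. It is a simplified chained hash table in which a key is represented only by its hash value; `split_table`, `split_check_fires`, the initial size of 8 buckets and the load factor of 1 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model, not Perl's hv.c: a key is represented by its hash value. */
typedef struct node { uint32_t hash; struct node *next; } node;
typedef struct { node **buckets; size_t nbuckets, nkeys; } table;

/* Double the bucket array, relink every node, return the longest chain. */
static size_t split_table(table *t) {
    size_t newn = t->nbuckets * 2, longest = 0;
    node **nb = calloc(newn, sizeof *nb);
    size_t *len = calloc(newn, sizeof *len);
    if (!nb || !len) abort();
    for (size_t i = 0; i < t->nbuckets; i++)
        for (node *e = t->buckets[i], *next; e; e = next) {
            size_t b = e->hash & (newn - 1);
            next = e->next;
            e->next = nb[b]; nb[b] = e;
            if (++len[b] > longest) longest = len[b];
        }
    free(len); free(t->buckets);
    t->buckets = nb; t->nbuckets = newn;
    return longest;
}

/* Insert n hash values, splitting at load factor 1 (an assumption).
   Returns 1 if any split left over 50% of all entries in one list. */
int split_check_fires(const uint32_t *hashes, size_t n) {
    table t = { calloc(8, sizeof(node *)), 8, 0 };
    int fired = 0;
    if (!t.buckets) abort();
    for (size_t i = 0; i < n; i++) {
        node *e = malloc(sizeof *e);
        if (!e) abort();
        size_t b = hashes[i] & (t.nbuckets - 1);
        e->hash = hashes[i]; e->next = t.buckets[b]; t.buckets[b] = e;
        if (++t.nkeys > t.nbuckets && split_table(&t) * 2 > t.nkeys) fired = 1;
    }
    for (size_t i = 0; i < t.nbuckets; i++)
        for (node *e = t.buckets[i], *next; e; e = next) { next = e->next; free(e); }
    free(t.buckets);
    return fired;
}

int main(void) {
    uint32_t same[9];   /* constructed: hash values equal in their low 16 bits */
    for (int i = 0; i < 9; i++) same[i] = (uint32_t)(i + 1) << 16;
    return split_check_fires(same, 9) ? 0 : 1;
}
```

The check is evaluated only when a split happens, so the result depends on what share of the entries present at that moment sit in the longest list.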