Bug#229785: sessreg.c bug

To: debian-x@debian.org
Cc: 229785@bugs.debian.org
Subject: Bug#229785: sessreg.c bug
From: Margarita Manterola <marga@marga.com.ar>
Date: Sat, 31 Jan 2004 05:40:15 -0300
Message-id: <[🔎] 20040131084015.GA10216@localhost>
Reply-to: Margarita Manterola <marga@marga.com.ar>, 229785@bugs.debian.org

Hi!

I reported the bug 229785 referred to a problem with host registering in
sessreg.c.

After a whole night of hacking with two other friends, we came up with a
patch to sessreg.c that hashes the display instead of using the last 4
characters.  We think this is pretty nice.

We tested it with a dictionary, and it lost only 1 entry in 1000 and 
15 entries in 5000 lines.  We think it might take a little bit longer to
make the transaction, but that's not really an issue.

Please give us some feedback if you think it worth.

Oh, and is there some special types we should have used instead of
unsigned long int and char, to guarantee 4 and 1 byte?

Love,
Margarita Manterola.

--- sessreg.c	2004-01-31 03:34:56.000000000 -0300
+++ sessreg.new.c	2004-01-31 05:24:13.000000000 -0300
@@ -123,6 +123,18 @@
 
 static void set_utmp (struct utmp *u, char *line, char *user, char *host, Time_t date, int addp);
 
+#ifdef SYSV
+/* Use for hashing ut_id */
+typedef  unsigned long  int  ub4;   /* unsigned 4-byte quantities */
+typedef  unsigned       char ub1;   /* unsigned 1-byte quantities */
+
+#define hashsize(n) ((ub4)1<<(n))
+#define hashmask(n) (hashsize(n)-1)
+
+ub4 hash(register ub1 *k, register ub4 length, register ub4 initval);
+
+#endif 
+
 int	wflag, uflag, lflag;
 char	*wtmp_file, *utmp_file, *line;
 int	utmp_none, wtmp_none;
@@ -147,6 +159,7 @@
 static int findslot (char *line_name, char *host_name, int addp, int slot);
 static int Xslot (char *ttys_file, char *servers_file, char *tty_line,
 		  char *host_name, int addp);
+
 #endif
 
 static int
@@ -369,22 +382,22 @@
 		bzero (u->ut_name, sizeof (u->ut_name));
 #ifdef SYSV
 	if (line) {
-		int	i;
-		/*
-		 * this is a bit crufty, but
-		 * follows the apparent conventions in
-		 * the ttys file.  ut_id is only 4 bytes
-		 * long, and the last 4 bytes of the line
-		 * name are written into it, left justified.
+		/* 
+		 * The ut_id is 4 bytes long.  We make a hash of the 
+		 * line received, preceding it by ":" to prevent 
+		 * clashing with other ut_ids 
 		 */
-		i = strlen (line);
-		if (i >= sizeof (u->ut_id))
-			i -= sizeof (u->ut_id);
-		else
-			i = 0;
-		(void) strncpy (u->ut_id, line + i, sizeof (u->ut_id));
+		ub4 h;
+		u->ut_id[0]=':';
+		h = hash(line, strlen(line),0x9e3779b9);
+		h = (h & hashmask((sizeof(u->ut_id)-sizeof(char))*8));
+		(void) strncpy (u->ut_id + 1,(char *) &h,  sizeof (u->ut_id)-sizeof(char));
 	} else
-		bzero (u->ut_id, sizeof (u->ut_id));
+		bzero (u->ut_id, sizeof (u->ut_id)); /* TODO: CHECK this  */
+		/* From utmp(5):
+		 * Clearing ut_id may result in race conditions leading to corrupted
+		 * utmp entries and and potential security holes.
+		 */
 	if (addp) {
 		u->ut_pid = getppid ();
 		u->ut_type = USER_PROCESS;
@@ -520,3 +533,117 @@
 		return freeslot;
 }
 #endif
+
+#ifdef SYSV
+/*
+--------------------------------------------------------------------
+mix -- mix 3 32-bit values reversibly.
+For every delta with one or two bits set, and the deltas of all three
+  high bits or all three low bits, whether the original value of a,b,c
+  is almost all zero or is uniformly distributed,
+* If mix() is run forward or backward, at least 32 bits in a,b,c
+  have at least 1/4 probability of changing.
+* If mix() is run forward, every bit of c will change between 1/3 and
+  2/3 of the time.  (Well, 22/100 and 78/100 for some 2-bit deltas.)
+mix() was built out of 36 single-cycle latency instructions in a 
+  structure that could supported 2x parallelism, like so:
+      a -= b; 
+      a -= c; x = (c>>13);
+      b -= c; a ^= x;
+      b -= a; x = (a<<8);
+      c -= a; b ^= x;
+      c -= b; x = (b>>13);
+      ...
+  Unfortunately, superscalar Pentiums and Sparcs can't take advantage 
+  of that parallelism.  They've also turned some of those single-cycle
+  latency instructions into multi-cycle latency instructions.  Still,
+  this is the fastest good hash I could find.  There were about 2^^68
+  to choose from.  I only looked at a billion or so.
+--------------------------------------------------------------------
+*/
+#define mix(a,b,c) \
+{ \
+  a -= b; a -= c; a ^= (c>>13); \
+  b -= c; b -= a; b ^= (a<<8); \
+  c -= a; c -= b; c ^= (b>>13); \
+  a -= b; a -= c; a ^= (c>>12);  \
+  b -= c; b -= a; b ^= (a<<16); \
+  c -= a; c -= b; c ^= (b>>5); \
+  a -= b; a -= c; a ^= (c>>3);  \
+  b -= c; b -= a; b ^= (a<<10); \
+  c -= a; c -= b; c ^= (b>>15); \
+}
+
+/*
+--------------------------------------------------------------------
+hash() -- hash a variable-length key into a 32-bit value
+  k       : the key (the unaligned variable-length array of bytes)
+  len     : the length of the key, counting by bytes
+  initval : can be any 4-byte value
+Returns a 32-bit value.  Every bit of the key affects every bit of
+the return value.  Every 1-bit and 2-bit delta achieves avalanche.
+About 6*len+35 instructions.
+
+The best hash table sizes are powers of 2.  There is no need to do
+mod a prime (mod is sooo slow!).  If you need less than 32 bits,
+use a bitmask.  For example, if you need only 10 bits, do
+  h = (h & hashmask(10));
+In which case, the hash table should have hashsize(10) elements.
+
+If you are hashing n strings (ub1 **)k, do it like this:
+  for (i=0, h=0; i<n; ++i) h = hash( k[i], len[i], h);
+
+By Bob Jenkins, 1996.  bob_jenkins@burtleburtle.net.  You may use this
+code any way you wish, private, educational, or commercial.  It's free.
+
+See http://burtleburtle.net/bob/hash/evahash.html
+Use for hash table lookup, or anything where one collision in 2^^32 is
+acceptable.  Do NOT use for cryptographic purposes.
+--------------------------------------------------------------------
+*/
+
+ub4 
+hash(register ub1 *k, register ub4 length, register ub4 initval)
+{
+   register ub4 a,b,c,len;
+
+   /* Set up the internal state */
+   len = length;
+   a = b = 0x9e3779b9;  /* the golden ratio; an arbitrary value */
+   c = initval;         /* the previous hash value */
+
+   /*---------------------------------------- handle most of the key */
+   while (len >= 12)
+   {
+      a += (k[0] +((ub4)k[1]<<8) +((ub4)k[2]<<16) +((ub4)k[3]<<24));
+      b += (k[4] +((ub4)k[5]<<8) +((ub4)k[6]<<16) +((ub4)k[7]<<24));
+      c += (k[8] +((ub4)k[9]<<8) +((ub4)k[10]<<16)+((ub4)k[11]<<24));
+      mix(a,b,c);
+      k += 12; len -= 12;
+   }
+
+   /*------------------------------------- handle the last 11 bytes */
+   c += length;
+   switch(len)              /* all the case statements fall through */
+   {
+   case 11: c+=((ub4)k[10]<<24);
+   case 10: c+=((ub4)k[9]<<16);
+   case 9 : c+=((ub4)k[8]<<8);
+      /* the first byte of c is reserved for the length */
+   case 8 : b+=((ub4)k[7]<<24);
+   case 7 : b+=((ub4)k[6]<<16);
+   case 6 : b+=((ub4)k[5]<<8);
+   case 5 : b+=k[4];
+   case 4 : a+=((ub4)k[3]<<24);
+   case 3 : a+=((ub4)k[2]<<16);
+   case 2 : a+=((ub4)k[1]<<8);
+   case 1 : a+=k[0];
+     /* case 0: nothing left to add */
+   }
+   mix(a,b,c);
+   /*-------------------------------------------- report the result */
+   return c;
+}
+
+
+#endif

Reply to:

Prev by Date: Re: 2nd mouse
Next by Date: Bug#230426: marked as done (/usr/X11R6/man/man5/XF86Config-4.5x.gz: say that specific Identifiers are needed)
Previous by thread: Automated Reply from Caroline Russell <crussell@email.boh.com.my>
Next by thread: [idkfa@grafin.kiev.ua: xfree86 4.3.0-0pre1v1 - request for porting help!]
Index(es):
- Date
- Thread