On Thu, 2012-01-05 at 11:45 -0600, William A. Rowe Jr. wrote: > Should we add some randomization to prevent abuse?
No idea whether this is something that may be useful, but here it is nevertheless. At least it can be used as an example of what not to do. :-) -- Bojan
Index: tables/apr_hash.c =================================================================== --- tables/apr_hash.c (revision 1227853) +++ tables/apr_hash.c (working copy) @@ -21,6 +21,8 @@ #include "apr_hash.h" +#include "apr_atomic.h" + #if APR_HAVE_STDLIB_H #include <stdlib.h> #endif @@ -32,6 +34,10 @@ #include <stdio.h> #endif +/* Randomise hash */ +static apr_uint32_t initialised = 0, in_init = 1; +static unsigned int seed; + /* * The internal form of a hash table. * @@ -246,6 +252,17 @@ * * -- Ralf S. Engelschall <r...@engelschall.com> */ + + if (!apr_atomic_inc32(&initialised)) { + apr_generate_random_bytes(&seed, sizeof(seed)); + apr_atomic_dec32(&in_init); + } + apr_atomic_set32(&initialised, 1); /* prevent wrap-around */ + + while (apr_atomic_read32(&in_init)) /* wait until we get fully inited */ + ; + + hash = seed; if (*klen == APR_HASH_KEY_STRING) { for (p = key; *p; p++) {