Edit report at https://bugs.php.net/bug.php?id=60655&edit=1
ID: 60655 Updated by: larue...@php.net Reported by: larue...@php.net Summary: add max_input_vars for json/serialize Status: Open Type: Feature/Change Request Package: *General Issues PHP Version: 5.3.9RC4 Block user comment: N Private report: N New Comment: oh, I got you, thanks. Previous Comments: ------------------------------------------------------------------------ [2012-01-05 14:04:50] larue...@php.net yes, the hash value of string index is the same, but the index = hash_value % nTableSize, we don't use the hash value as index directly, didn't I misunderstand you? ------------------------------------------------------------------------ [2012-01-05 11:53:37] ses...@php.net You are mistaken to believe that randomizing the TableSize will stop predictable collisions: This is only true if you try to exploit the problem with numerical indicies. The moment you use alpha numerical keys and produce collisions in the DJB hashing function the table size does not matter anymore, because the return value of the hash function is the same. ------------------------------------------------------------------------ [2012-01-05 11:29:15] larue...@php.net sorry, didn't get your point? the collision can not be predicatible any more, why this patch doesn't solve the problem? ------------------------------------------------------------------------ [2012-01-05 11:24:44] ses...@php.net Your patch does not fix the problem. It will make the first X hashtable grow operations random. But the moment you already inserte 65536 entries the HashTable is now big enough to launch the attack. Maybe your test script already breaks your patch the moment you try to insert 2^17 entries. Otherwise the attack script might need some tweaking. Anyway, your patch will not solve the problem. ------------------------------------------------------------------------ [2012-01-05 08:09:18] larue...@php.net The following patch has been added/updated: Patch Name: rand_hash_resize.patch Revision: 1325750958 URL: https://bugs.php.net/patch-display.php?bug=60655&patch=rand_hash_resize.patch&revision=1325750958 ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=60655 -- Edit this bug report at https://bugs.php.net/bug.php?id=60655&edit=1