Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1653)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in to create issues and add comments

Side by Side Diff: Modules/datetimemodule.c

Issue 13703: Hash collision security issue
Patch Set: Created 1 year, 4 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Misc/python.man ('k') | Modules/main.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* C implementation for the date/time type documented at 1 /* C implementation for the date/time type documented at
2 * http://www.zope.org/Members/fdrake/DateTimeWiki/FrontPage 2 * http://www.zope.org/Members/fdrake/DateTimeWiki/FrontPage
3 */ 3 */
4 4
5 #include "Python.h" 5 #include "Python.h"
6 #include "modsupport.h" 6 #include "modsupport.h"
7 #include "structmember.h" 7 #include "structmember.h"
8 8
9 #include <time.h> 9 #include <time.h>
10 10
(...skipping 2548 matching lines...) Expand 10 before | Expand all | Expand 10 after
2559 /* 2559 /*
2560 Borrowed from stringobject.c, originally it was string_hash() 2560 Borrowed from stringobject.c, originally it was string_hash()
2561 */ 2561 */
2562 static long 2562 static long
2563 generic_hash(unsigned char *data, int len) 2563 generic_hash(unsigned char *data, int len)
2564 { 2564 {
2565 register unsigned char *p; 2565 register unsigned char *p;
2566 register long x; 2566 register long x;
2567 2567
2568 p = (unsigned char *) data; 2568 p = (unsigned char *) data;
2569 x = *p << 7; 2569 x = _Py_HashSecret.prefix;
2570 x ^= *p << 7;
2570 while (--len >= 0) 2571 while (--len >= 0)
2571 x = (1000003*x) ^ *p++; 2572 x = (1000003*x) ^ *p++;
2572 x ^= len; 2573 x ^= len;
2574 x ^= _Py_HashSecret.suffix;
2573 if (x == -1) 2575 if (x == -1)
2574 x = -2; 2576 x = -2;
2575 2577
2576 return x; 2578 return x;
2577 } 2579 }
2578 2580
2579 2581
2580 static PyObject *date_getstate(PyDateTime_Date *self); 2582 static PyObject *date_getstate(PyDateTime_Date *self);
2581 2583
2582 static long 2584 static long
(...skipping 2441 matching lines...) Expand 10 before | Expand all | Expand 10 after
5024 enough to say. 5026 enough to say.
5025 5027
5026 In any case, it's clear that the default fromutc() is strong enough to handle 5028 In any case, it's clear that the default fromutc() is strong enough to handle
5027 "almost all" time zones: so long as the standard offset is invariant, it 5029 "almost all" time zones: so long as the standard offset is invariant, it
5028 doesn't matter if daylight time transition points change from year to year, or 5030 doesn't matter if daylight time transition points change from year to year, or
5029 if daylight time is skipped in some years; it doesn't matter how large or 5031 if daylight time is skipped in some years; it doesn't matter how large or
5030 small dst() may get within its bounds; and it doesn't even matter if some 5032 small dst() may get within its bounds; and it doesn't even matter if some
5031 perverse time zone returns a negative dst()). So a breaking case must be 5033 perverse time zone returns a negative dst()). So a breaking case must be
5032 pretty bizarre, and a tzinfo subclass can override fromutc() if it is. 5034 pretty bizarre, and a tzinfo subclass can override fromutc() if it is.
5033 --------------------------------------------------------------------------- */ 5035 --------------------------------------------------------------------------- */
OLDNEW
« no previous file with comments | « Misc/python.man ('k') | Modules/main.c » ('j') | no next file with comments »

RSS Feeds Recent Issues | This issue
This is Rietveld cbc36f91f3f7