View Issue Details
| Field | Value |
|---|---|
| ID | 0005572 |
| Project | OCaml |
| Category | OCaml standard library |
| View Status | public |
| Date Submitted | 2012-04-03 10:43 |
| Last Update | 2012-04-19 15:22 |
| Reporter | xleroy |
| Assigned To | xleroy |
| Priority | normal |
| Severity | major |
| Reproducibility | always |
| Status | resolved |
| Resolution | fixed |
| Product Version | 3.12.1 |
| Target Version | 4.00.0+dev |
| Fixed in Version | 4.00.0+dev |
| Summary | 0005572: Hashtbl is vulnerable to collision-based DOS attack (CVE-2012-0839) |
| Tags | No tags attached. |

Description

This PR is intended to document vulnerability CVE-2012-0839 and its resolution.

Summary: up to OCaml 3.12.1 included, hash tables as implemented by the Hashtbl stdlib module use a fixed hash function. This opens the way to a denial-of-service attack on Web-facing and other security-sensitive applications, whereby the attacker sends a series of requests crafted to cause many collisions in a hash table and therefore slow down the application.

References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0839
- https://bugzilla.redhat.com/show_bug.cgi?id=787888
- https://bugzilla.redhat.com/show_bug.cgi?id=770929
Notes
(0007267) xleroy (administrator) 2012-04-03 10:50

The new hash table implementation (commit r11056), integrated in SVN trunk and in 4.00 branch, already supports diversification of hash tables via a randomly-chosen seed. However, the API doesn't make it easy enough to turn randomization on. I am currently revising the API.

(0007383) xleroy (administrator) 2012-04-19 15:22

Fixed in 4.00 branch (commit 12383) and in trunk (12384). For the record, the resolution is as follows:

- Added an optional parameter "~random" to Hashtbl.create. If "~random:true" is given, the table uses a randomly-generated seed to diversify the hash function and make collisions hard to predict. If "~random:false" is given, the table uses a fixed hash function.
- If no ~random parameter is given, the default is "false" (no randomization). This default can be changed to "true" by either calling "Hashtbl.randomize()" at program initialization time, or setting the "R" parameter in the OCAMLRUNPARAM environment variable before program start-up.

The net effect is to keep hash tables deterministic by default (for backward compatibility), but make it very easy to select randomization, either programmatically or via a run-time parameter.
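The following is an added example, not code from this bug tracker entry or from the OCaml distribution, that exercises the three ways of enabling randomization described in the notes above (`Hashtbl.create ~random`, `Hashtbl.randomize ()`, and the `R` parameter of OCAMLRUNPARAM). It also reads back `max_bucket_length` through `Hashtbl.stats`, a 4.00 standard-library function, because the longest bucket is the quantity a collision attack inflates and the one an operator would want to log. The key strings are constructed sample data and the example assumes OCaml 4.00 or later.

```ocaml
(* Added example (not from the OCaml bug tracker or the OCaml sources):
   exercising the Hashtbl randomization API introduced for CVE-2012-0839.
   Assumes OCaml >= 4.00; all keys are constructed sample data. *)

(* Fill a table from a list of string keys and return the length of the
   longest bucket. In a collision-based DoS this number grows towards the
   total number of bindings, which is why it is worth monitoring. *)
let max_bucket ~random keys =
  let tbl : (string, int) Hashtbl.t = Hashtbl.create ~random 16 in
  List.iteri (fun i k -> Hashtbl.replace tbl k i) keys;
  (Hashtbl.stats tbl).Hashtbl.max_bucket_length

(* Constructed sample input: 2000 distinct, benign keys. *)
let sample_keys =
  Array.to_list (Array.init 2000 (fun i -> "key-" ^ string_of_int i))

let () =
  (* 1. The default hash is a fixed function: the same key hashes to the
        same value in every run of every program, so with a non-randomized
        table the bucket a key lands in is predictable in advance. *)
  Printf.printf "Hashtbl.hash \"key-0\" = %d (identical on every run)\n"
    (Hashtbl.hash "key-0");

  (* 2. A seeded hash with a fresh seed gives a different value per run.
        A table created with ~random:true draws such a seed internally,
        so bucket positions cannot be computed without knowing it. *)
  Random.self_init ();
  let seed = Random.bits () in
  Printf.printf "Hashtbl.seeded_hash %d \"key-0\" = %d (differs per run)\n"
    seed (Hashtbl.seeded_hash seed "key-0");

  (* 3. Per-table choice through the optional ~random argument. For benign
        keys both tables spread well; the difference is predictability. *)
  Printf.printf "max bucket, fixed hash:      %d\n"
    (max_bucket ~random:false sample_keys);
  Printf.printf "max bucket, randomized hash: %d\n"
    (max_bucket ~random:true sample_keys);

  (* 4. Process-wide default: every Hashtbl.create executed after this call
        without an explicit ~random argument is randomized. Starting the
        program with OCAMLRUNPARAM=R in the environment has the same effect
        and needs no code change. *)
  Hashtbl.randomize ();
  let tbl = Hashtbl.create 16 in
  List.iteri (fun i k -> Hashtbl.replace tbl k i) sample_keys;
  Printf.printf "max bucket, default after Hashtbl.randomize (): %d\n"
    (Hashtbl.stats tbl).Hashtbl.max_bucket_length
```

Run it as a script with `ocaml` or compile it with `ocamlfind ocamlopt` (the file name is up to you); run it a second time to see the `Hashtbl.hash` value stay fixed while the seeded value changes. For benign input the bucket statistics look alike in both modes, which is the point: randomization does not change normal behaviour, it only removes the attacker's ability to compute colliding keys offline. Logging `max_bucket_length` relative to `num_bindings` and `num_buckets` from `Hashtbl.stats` on a request-keyed table gives a cheap runtime indicator that a table is being degraded, whichever mode is in use.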
Issue History

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-04-03 10:43 | xleroy | New Issue | |
| 2012-04-03 10:43 | xleroy | Status | new => assigned |
| 2012-04-03 10:43 | xleroy | Assigned To | => xleroy |
| 2012-04-03 10:50 | xleroy | Note Added: 0007267 | |
| 2012-04-03 13:22 | xleroy | Target Version | => 4.00.0+dev |
| 2012-04-03 13:22 | xleroy | Description Updated | View Revisions |
| 2012-04-19 15:22 | xleroy | Note Added: 0007383 | |
| 2012-04-19 15:22 | xleroy | Status | assigned => resolved |
| 2012-04-19 15:22 | xleroy | Resolution | open => fixed |
| 2012-04-19 15:22 | xleroy | Fixed in Version | => 4.00.0+dev |