This is an automatically generated e-mail. To reply, visit: http://reviewboard-openlmi.rhcloud.com/r/842/ |
On September 10th, 2013, 12:07 p.m. UTC, Jan Safranek wrote:
Just one issue, otherwise the patch looks good to me.On September 10th, 2013, 12:21 p.m. UTC, Robin Hack wrote:
Ok. This is real issue. Copying can be avoided by using g_quark_from_static_string () instead. What I want is try to avoid hash collision because this is what i found in glib source code: * Note that the hash functions provided by GLib have these qualities, * but are not particularly robust against manufactured keys that * cause hash collisions. Therefore, you should consider choosing * a more secure hash function when using a GHashTable with keys * that originate in untrusted data (such as HTTP requests). * Using g_str_hash() in that situation might make your application * vulerable to <ulink url="https://lwn.net/Articles/474912/">Algorithmic Complexity Attacks</ulink>. I use quark to get unique string identifier and use them as key in hash table where pointer to lock_t structure is stored. Now i know, that i must/should use something which is quark but not quark from glib. Because glib use hash lookup anyway. quark_from_string (const gchar *string, gboolean duplicate) ... quark = quark_new (duplicate ? quark_strdup (string) : (gchar *)string); ...
Missing part of code: if (quark_ht) quark = GPOINTER_TO_UINT (g_hash_table_lookup (quark_ht, string));
- Robin
On September 10th, 2013, 7:29 a.m. UTC, Robin Hack wrote:
Review request for OpenLMI Developers.
By Robin Hack.
Updated Sept. 10, 2013, 7:29 a.m.
Repository:
openlmi-providers
Description
Diffs
|