From 4634c34db318d157c1f741855dba9757cc8de1fd Mon Sep 17 00:00:00 2001 From: nagachika Date: Tue, 28 Mar 2017 21:29:16 +0000 Subject: merge revision(s) 58200: [Backport #13376] * hash.c (any_hash): fix Symbol#hash to be nondeterministic. The patch was provided by Eric Wong. [ruby-core:80433] [Bug #13376] test/ruby/test_symbol.rb: new test for nondeterminism We need to ensure hashes for static symbols remain non-deterministic to avoid DoS attacks. This is currently the case since 2.4+, but was not for the 2.3 series. * test/ruby/test_symbol.rb (test_hash_nondeterministic): new test [ruby-core:80430] [Bug #13376] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@58203 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- hash.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hash.c') diff --git a/hash.c b/hash.c index 58a3d04023..d9826c4053 100644 --- a/hash.c +++ b/hash.c @@ -139,6 +139,7 @@ any_hash(VALUE a, st_index_t (*other_func)(VALUE)) if (a == Qundef) return 0; if (STATIC_SYM_P(a)) { hnum = a >> (RUBY_SPECIAL_SHIFT + ID_SCOPE_SHIFT); + hnum = rb_hash_start(hnum); goto out; } else if (FLONUM_P(a)) { -- cgit v1.2.3 From 0ad168551355320c091045c0bb6d4b51798bbcc0 Mon Sep 17 00:00:00 2001 From: nagachika Date: Wed, 29 Mar 2017 15:00:45 +0000 Subject: * hash.c (any_hash): fix CI failure on L32LLP64 architecture. The patch was provided by usa. [ruby-core:80484] [Bug #13376] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@58213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hash.c') diff --git a/hash.c b/hash.c index d9826c4053..e418b99c1f 100644 --- a/hash.c +++ b/hash.c @@ -168,7 +168,7 @@ any_hash(VALUE a, st_index_t (*other_func)(VALUE)) } out: hnum <<= 1; - return (st_index_t)RSHIFT(hnum, 1); + return (long)RSHIFT(hnum, 1); } static st_index_t -- cgit v1.2.3