From 8284ef63a517690a893ffda1083fb966a76b6fbc Mon Sep 17 00:00:00 2001 From: Erick Tryzelaar Date: Mon, 23 Jun 2014 19:15:40 -0400 Subject: [PATCH 1/3] std: make sure HashMap from_iter uses random initialization by default It turns out that HashMap's from_iter implementation was being initialized without the sip keys being randomized. This adds a custom default hasher that should avoid this potential vulnerability. --- src/libstd/collections/hashmap.rs | 25 ++++++--------- src/libstd/hash.rs | 51 +++++++++++++++++++++++++++++++ src/libstd/lib.rs | 2 +- 3 files changed, 62 insertions(+), 16 deletions(-) create mode 100644 src/libstd/hash.rs diff --git a/src/libstd/collections/hashmap.rs b/src/libstd/collections/hashmap.rs index b94141748d5..be5c2e25141 100644 --- a/src/libstd/collections/hashmap.rs +++ b/src/libstd/collections/hashmap.rs @@ -16,15 +16,13 @@ use collections::{Collection, Mutable, Set, MutableSet, Map, MutableMap}; use default::Default; use fmt::Show; use fmt; -use hash::{Hash, Hasher, sip}; +use hash::{Hash, Hasher, RandomSipHasher}; use iter::{Iterator, FilterMap, Chain, Repeat, Zip, Extendable}; use iter::{range, range_inclusive, FromIterator}; use iter; use mem::replace; use num; use option::{Some, None, Option}; -use rand::Rng; -use rand; use result::{Ok, Err}; mod table { @@ -733,7 +731,7 @@ impl DefaultResizePolicy { /// } /// ``` #[deriving(Clone)] -pub struct HashMap { +pub struct HashMap { // All hashes are keyed on these values, to prevent hash collision attacks. hasher: H, @@ -1033,18 +1031,15 @@ impl, V, S, H: Hasher> MutableMap for HashMap } -impl HashMap { +impl HashMap { /// Create an empty HashMap. - pub fn new() -> HashMap { + pub fn new() -> HashMap { HashMap::with_capacity(INITIAL_CAPACITY) } /// Creates an empty hash map with the given initial capacity. - pub fn with_capacity(capacity: uint) -> HashMap { - let mut r = rand::task_rng(); - let r0 = r.gen(); - let r1 = r.gen(); - let hasher = sip::SipHasher::new_with_keys(r0, r1); + pub fn with_capacity(capacity: uint) -> HashMap { + let hasher = RandomSipHasher::new(); HashMap::with_capacity_and_hasher(capacity, hasher) } } @@ -1489,7 +1484,7 @@ pub type SetMoveItems = /// HashMap where the value is (). As with the `HashMap` type, a `HashSet` /// requires that the elements implement the `Eq` and `Hash` traits. #[deriving(Clone)] -pub struct HashSet { +pub struct HashSet { map: HashMap } @@ -1529,15 +1524,15 @@ impl, S, H: Hasher> MutableSet for HashSet { fn remove(&mut self, value: &T) -> bool { self.map.remove(value) } } -impl HashSet { +impl HashSet { /// Create an empty HashSet - pub fn new() -> HashSet { + pub fn new() -> HashSet { HashSet::with_capacity(INITIAL_CAPACITY) } /// Create an empty HashSet with space for at least `n` elements in /// the hash table. - pub fn with_capacity(capacity: uint) -> HashSet { + pub fn with_capacity(capacity: uint) -> HashSet { HashSet { map: HashMap::with_capacity(capacity) } } } diff --git a/src/libstd/hash.rs b/src/libstd/hash.rs new file mode 100644 index 00000000000..fd1bab2dd71 --- /dev/null +++ b/src/libstd/hash.rs @@ -0,0 +1,51 @@ +// Copyright 2014 The Rust Project Developers. See the COPYRIGHT +// file at the top-level directory of this distribution and at +// http://rust-lang.org/COPYRIGHT. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Generic hashing support. + +pub use core_collections::hash::{Hash, Hasher, Writer, hash, sip}; + +use default::Default; +use rand::Rng; +use rand; + +/// `RandomSipHasher` computes the SipHash algorithm from a stream of bytes +/// initialized with random keys. +#[deriving(Clone)] +pub struct RandomSipHasher { + hasher: sip::SipHasher, +} + +impl RandomSipHasher { + /// Construct a new `RandomSipHasher` that is initialized with random keys. + #[inline] + pub fn new() -> RandomSipHasher { + let mut r = rand::task_rng(); + let r0 = r.gen(); + let r1 = r.gen(); + RandomSipHasher { + hasher: sip::SipHasher::new_with_keys(r0, r1), + } + } +} + +impl Hasher for RandomSipHasher { + #[inline] + fn hash>(&self, value: &T) -> u64 { + self.hasher.hash(value) + } +} + +impl Default for RandomSipHasher { + #[inline] + fn default() -> RandomSipHasher { + RandomSipHasher::new() + } +} diff --git a/src/libstd/lib.rs b/src/libstd/lib.rs index f63e69f3cca..12ad1d64344 100644 --- a/src/libstd/lib.rs +++ b/src/libstd/lib.rs @@ -166,7 +166,6 @@ pub use core::option; pub use alloc::owned; pub use alloc::rc; -pub use core_collections::hash; pub use core_collections::slice; pub use core_collections::str; pub use core_collections::string; @@ -236,6 +235,7 @@ pub mod to_str; /* Common data structures */ pub mod collections; +pub mod hash; /* Tasks and communication */ From c1ff089c275592044057841673256ec78d6c400c Mon Sep 17 00:00:00 2001 From: Erick Tryzelaar Date: Mon, 23 Jun 2014 19:48:09 -0400 Subject: [PATCH 2/3] std: micro optimize Hash{Map,Set}::{new,with_capacity} --- src/libstd/collections/hashmap.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/libstd/collections/hashmap.rs b/src/libstd/collections/hashmap.rs index be5c2e25141..7c01a0342ed 100644 --- a/src/libstd/collections/hashmap.rs +++ b/src/libstd/collections/hashmap.rs @@ -1033,11 +1033,13 @@ impl, V, S, H: Hasher> MutableMap for HashMap impl HashMap { /// Create an empty HashMap. + #[inline] pub fn new() -> HashMap { HashMap::with_capacity(INITIAL_CAPACITY) } /// Creates an empty hash map with the given initial capacity. + #[inline] pub fn with_capacity(capacity: uint) -> HashMap { let hasher = RandomSipHasher::new(); HashMap::with_capacity_and_hasher(capacity, hasher) @@ -1048,6 +1050,7 @@ impl, V, S, H: Hasher> HashMap { /// Creates an empty hashmap which will use the given hasher to hash keys. /// /// The creates map has the default initial capacity. + #[inline] pub fn with_hasher(hasher: H) -> HashMap { HashMap::with_capacity_and_hasher(INITIAL_CAPACITY, hasher) } @@ -1059,6 +1062,7 @@ impl, V, S, H: Hasher> HashMap { /// is designed to allow HashMaps to be resistant to attacks that /// cause many collisions and very poor performance. Setting it /// manually using this function can expose a DoS attack vector. + #[inline] pub fn with_capacity_and_hasher(capacity: uint, hasher: H) -> HashMap { let cap = num::next_power_of_two(max(INITIAL_CAPACITY, capacity)); HashMap { @@ -1526,12 +1530,14 @@ impl, S, H: Hasher> MutableSet for HashSet { impl HashSet { /// Create an empty HashSet + #[inline] pub fn new() -> HashSet { HashSet::with_capacity(INITIAL_CAPACITY) } /// Create an empty HashSet with space for at least `n` elements in /// the hash table. + #[inline] pub fn with_capacity(capacity: uint) -> HashSet { HashSet { map: HashMap::with_capacity(capacity) } } @@ -1542,6 +1548,7 @@ impl, S, H: Hasher> HashSet { /// keys. /// /// The hash set is also created with the default initial capacity. + #[inline] pub fn with_hasher(hasher: H) -> HashSet { HashSet::with_capacity_and_hasher(INITIAL_CAPACITY, hasher) } @@ -1553,6 +1560,7 @@ impl, S, H: Hasher> HashSet { /// is designed to allow `HashSet`s to be resistant to attacks that /// cause many collisions and very poor performance. Setting it /// manually using this function can expose a DoS attack vector. + #[inline] pub fn with_capacity_and_hasher(capacity: uint, hasher: H) -> HashSet { HashSet { map: HashMap::with_capacity_and_hasher(capacity, hasher) } } From d90b71cff68ec3748b9f42063513773da57e01e2 Mon Sep 17 00:00:00 2001 From: Erick Tryzelaar Date: Tue, 1 Jul 2014 07:29:16 -0700 Subject: [PATCH 3/3] std: move the hash docstring over to std::hash. --- src/libstd/hash.rs | 53 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/src/libstd/hash.rs b/src/libstd/hash.rs index fd1bab2dd71..2cc7e70747a 100644 --- a/src/libstd/hash.rs +++ b/src/libstd/hash.rs @@ -8,7 +8,58 @@ // option. This file may not be copied, modified, or distributed // except according to those terms. -//! Generic hashing support. +/*! + * Generic hashing support. + * + * This module provides a generic way to compute the hash of a value. The + * simplest way to make a type hashable is to use `#[deriving(Hash)]`: + * + * # Example + * + * ```rust + * use std::hash; + * use std::hash::Hash; + * + * #[deriving(Hash)] + * struct Person { + * id: uint, + * name: String, + * phone: u64, + * } + * + * let person1 = Person { id: 5, name: "Janet".to_string(), phone: 555_666_7777 }; + * let person2 = Person { id: 5, name: "Bob".to_string(), phone: 555_666_7777 }; + * + * assert!(hash::hash(&person1) != hash::hash(&person2)); + * ``` + * + * If you need more control over how a value is hashed, you need to implement + * the trait `Hash`: + * + * ```rust + * use std::hash; + * use std::hash::Hash; + * use std::hash::sip::SipState; + * + * struct Person { + * id: uint, + * name: String, + * phone: u64, + * } + * + * impl Hash for Person { + * fn hash(&self, state: &mut SipState) { + * self.id.hash(state); + * self.phone.hash(state); + * } + * } + * + * let person1 = Person { id: 5, name: "Janet".to_string(), phone: 555_666_7777 }; + * let person2 = Person { id: 5, name: "Bob".to_string(), phone: 555_666_7777 }; + * + * assert!(hash::hash(&person1) == hash::hash(&person2)); + * ``` + */ pub use core_collections::hash::{Hash, Hasher, Writer, hash, sip};