Standup 9/15/2009: Hashing a String, Nginx Security Patch

Interesting Things

  • String#hash does not always produce the same hash on different machines and/or different architectures. Don’t use the hash of a string across machines to identify it.

  • Nginx has released a security patch to fix a remote execution security vulnerability.
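An added example, not part of the original post: on a current Ruby, `String#hash` is seeded per interpreter process, so the first bullet can be reproduced on one machine by asking several fresh interpreters for the hash of the same string. The helper names and the choice of SHA-256 as the stable identifier are assumptions of this example, and the sample input is constructed.

```ruby
require "digest"
require "open3"
require "rbconfig"

# Run a one-line Ruby program in a fresh interpreter and return its output.
def in_fresh_process(code)
  out, status = Open3.capture2(RbConfig.ruby, "-e", code)
  raise "child interpreter failed" unless status.success?
  out.strip
end

# Stable identifier (hypothetical helper): depends only on the string's
# bytes after normalising to UTF-8, so it is the same on every machine.
# Assumes text input; raw binary data should be digested without transcoding.
def stable_id(str)
  Digest::SHA256.hexdigest(str.encode(Encoding::UTF_8).b)
end

# Compute String#hash and a SHA-256 digest of `str` in `runs` separate
# interpreters and return the distinct values seen for each.
def compare_across_processes(str, runs: 3)
  literal = str.dump # escaped Ruby literal, safe to embed in -e code
  hashes = Array.new(runs) { in_fresh_process("print #{literal}.hash") }
  digests = Array.new(runs) do
    in_fresh_process("require 'digest'; print Digest::SHA256.hexdigest(#{literal})")
  end
  { hash_values: hashes.uniq, digest_values: digests.uniq }
end

if $PROGRAM_NAME == __FILE__
  sample = "user@example.com" # constructed sample input
  seen = compare_across_processes(sample)
  puts "String#hash values: #{seen[:hash_values].inspect}"
  puts "SHA-256 values:     #{seen[:digest_values].inspect}"
  puts "stable_id here:     #{stable_id(sample)}"
end
```

The encoding normalisation in `stable_id` matters as much as the digest: the same text stored as ISO-8859-1 on one host and UTF-8 on another has different bytes and would otherwise get two identifiers.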

  1. Here’s the code at revision 24934 ( Tue Sep 15 05:27:29 2009 UTC ); search for “hash”.

    ( It uses “Murmurhash”, )

    This snippet seems to cause what you are describing:

        rb_hash_start(st_index_t h)
        static int hashseed_init = 0;
        static VALUE hashseed;

        if (!hashseed_init) {
            hashseed = rb_genrand_int32();
        #if SIZEOF_VALUE*CHAR_BIT > 4*8
            hashseed <<= 4*8;
            hashseed |= rb_genrand_int32();
        #endif
        #if SIZEOF_VALUE*CHAR_BIT > 8*8
            hashseed <<= 8*8;
            hashseed |= rb_genrand_int32();
        #endif
        #if SIZEOF_VALUE*CHAR_BIT > 12*8
            hashseed <<= 12*8;
            hashseed |= rb_genrand_int32();
        #endif
            hashseed_init = 1;
        }

    Not quite sure.

    Stephan

  2. Sorry, that comment doesn’t come out well. I guess I wasn’t aware of your blog software’s formatting function.

