Newsgroups: php.internals
Date: Thu, 5 Jan 2012 16:53:45 +0800
To: PHP Internals
Cc: Rasmus Lerdorf, Stas Malyshev, Pierre Joye, Johannes Schlüter, Dmitry Stogov
Subject: Yet another fix for max_input_vars
From: laruence@php.net (Laruence)

Hi:

The original thread is too long, so I am opening a new thread for this.

I have made another patch to try to fix this issue.

The key point is randomizing the table size (tableMask). Instead of doubling the table size in zend_hash_do_resize, I increase the table size with a random delta (the value now is just a try, we can change it to a more appropriate value), that is:

    new_table_size = old_table_size * 2 + random_num.

Then the collision cannot be predicted, which fixes the problem, and also fixes the issue in json/soap/serialize etc.

Here is the patch (draft now):
https://bugs.php.net/patch-display.php?bug_id=60655&patch=rand_hash_resize.patch&revision=latest

This fix may slow down PHP, but compared to the security threat I think the cost could be ignored.

For the test script listed in http://nikic.github.com/2011/12/28/Supercolliding-a-PHP-array.html:

*before patched:
Inserting 65536 evil elements took 162.65940284729 seconds
Inserting 65536 good elements took 0.075557947158813 seconds

*after patched:
Inserting 65536 evil elements took 0.074128866195679 seconds
Inserting 65536 good elements took 0.091044902801514 seconds

What do you think?

thanks

-- 
Laruence  Xinchen Hui
http://www.laruence.com/
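An added example, not part of the original message or the patch: a toy C model of the bucket index calculation, reporting the longest collision chain for integer keys that are multiples of 65536 under a power-of-two mask and under two randomized table sizes. The function name, the modulo indexing for non-power-of-two sizes, and the delta values 37 and 64 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy model (an assumption, not Zend code): integer keys hash to themselves,
 * buckets are only counted, and n keys of the form i * stride are inserted.
 * use_mask = 1: slot = h & (size - 1), valid for power-of-two sizes.
 * use_mask = 0: slot = h % size, assumed here for randomized sizes.
 * Returns the longest collision chain, or 0 if allocation fails. */
static unsigned longest_chain(uint32_t n, uint32_t stride, uint32_t size, int use_mask)
{
    unsigned *count = calloc(size, sizeof *count);
    unsigned worst = 0;

    if (count == NULL)
        return 0;
    for (uint32_t i = 0; i < n; i++) {
        uint64_t h = (uint64_t)i * stride;
        uint32_t slot = use_mask ? (uint32_t)(h & (size - 1)) : (uint32_t)(h % size);
        if (++count[slot] > worst)
            worst = count[slot];
    }
    free(count);
    return worst;
}

int main(void)
{
    const uint32_t n = 65536, stride = 65536; /* constructed sample input */

    /* Doubling only: final size 65536, every key lands in slot 0. */
    printf("size 65536 (mask):   %u\n", longest_chain(n, stride, 65536, 1));
    /* Doubling plus an odd delta of 37: keys spread one per slot. */
    printf("size 65573 (modulo): %u\n", longest_chain(n, stride, 65573, 0));
    /* Doubling plus an even delta of 64: size shares a factor 64 with stride. */
    printf("size 65600 (modulo): %u\n", longest_chain(n, stride, 65600, 0));
    return 0;
}
```

In this model the even delta still leaves chains of 64, because the table size shares a power-of-two factor with the key stride. That bears on what a "more appropriate value" for the random delta would be.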