Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57250
Return-Path: <nikita.ppv@googlemail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 12892 invoked from network); 6 Jan 2012 13:28:17 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Jan 2012 13:28:17 -0000
Authentication-Results: pb1.pair.com header.from=nikita.ppv@googlemail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@googlemail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain googlemail.com designates 209.85.215.42 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@googlemail.com
X-Host-Fingerprint: 209.85.215.42 mail-lpp01m010-f42.google.com  
Received: from [209.85.215.42] ([209.85.215.42:49918] helo=mail-lpp01m010-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id E7/64-21551-FE6F60F4 for <internals@lists.php.net>; Fri, 06 Jan 2012 08:28:16 -0500
Received: by lagj5 with SMTP id j5so515132lag.29
        for <internals@lists.php.net>; Fri, 06 Jan 2012 05:28:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type:content-transfer-encoding;
        bh=Wrh3Zsd8i+Dc533okqOeqzmj+ycQKVjuF7kkE9a3RwI=;
        b=w4GDDqitcj06PHr5sywfQf/4UTAC19V1O0OV/j4Ayoww+is+BFoLJJ4KOW7mmLRO9I
         6H4TfJcGhLWuhDHkOipL+OYvc9m6jTkhHxCXymuh1+PO5rDltdAppw0CmWq7+Vtk8imd
         mFOzdzWzuaf+80vKM0AYKYvFxscQ+j4A34gcY=
MIME-Version: 1.0
Received: by 10.152.106.45 with SMTP id gr13mr2307462lab.9.1325856491656; Fri,
 06 Jan 2012 05:28:11 -0800 (PST)
Received: by 10.152.131.135 with HTTP; Fri, 6 Jan 2012 05:28:11 -0800 (PST)
In-Reply-To: <CABBJUpeypar4u4VwqBW94Qd2EXUknLhhoFWuF-t=hBP6c7DnYA@mail.gmail.com>
References: <CABBJUpe+BqyoUXbo=jN_V8N3RFrWt9gCA1s0LCztP0RFKD2+JA@mail.gmail.com>
	<CAF+90c-RNgGOwc8g0-DMfzN4HtzwLs3TWJAdyztFq6sZyasszQ@mail.gmail.com>
	<CACQesk6Oo23+827oOy8ExKEvt7ShdA8NVtdvrWmSX52vR-saSQ@mail.gmail.com>
	<CABBJUpcdPsGDsh-j6sB+m8EJLkaO_SdvYwJFebmu97FhvfiLTA@mail.gmail.com>
	<CABBJUpeypar4u4VwqBW94Qd2EXUknLhhoFWuF-t=hBP6c7DnYA@mail.gmail.com>
Date: Fri, 6 Jan 2012 14:28:11 +0100
Message-ID: <CAF+90c8G68V2VGvZ6+CgCanW2zKGGAtj1apRVX4VQy2rp+Y=rA@mail.gmail.com>
To: Laruence <laruence@php.net>
Cc: Etienne Kneuss <colder@php.net>, PHP Internals <internals@lists.php.net>, 
	Rasmus Lerdorf <rasmus@lerdorf.com>, Stas Malyshev <smalyshev@sugarcrm.com>, 
	Pierre Joye <pierre.php@gmail.com>, =?ISO-8859-1?Q?Johannes_Schl=FCter?= <johannes@schlueters.de>, 
	Dmitry Stogov <dmitry@php.net>, sesser@php.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] Yet another fix for max_input_vars
From: nikita.ppv@googlemail.com (Nikita Popov)

On Fri, Jan 6, 2012 at 8:42 AM, Laruence <laruence@php.net> wrote:
> Hi:
> =A0 =A0so here is the problem, the number index collision can be fixed by
> this idea (increase table size with a random delta).
>
> =A0 =A0now we need add the random number into DJB hash, and I am not good=
 at math,
>
> =A0 =A0so Calling for help, =A0and the random number will be stored in a
> process global variable like: PHPAPI int zend_hash_random_number.
>
> =A0 =A0and the reason for use a process global variable are:
> =A0 =A01. =A0this would break the zend hash cache
> =A0 =A02. =A0no abi backward break ( zend_hash_func)
> =A0 =A03. =A0simplify ZTS protection..

A problem with a process global variable arises when the PHP process
is kept alive between requests (e.g. fcgi). In that case the random
value will stay the same between all requests and could be
brute-forced. Not sure whether this is an issue in reality (e.g. what
is the range of the random number?)

Nikita