Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57297
Return-Path: <stefan@nopiracy.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 53972 invoked from network); 9 Jan 2012 16:42:04 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Jan 2012 16:42:04 -0000
Authentication-Results: pb1.pair.com smtp.mail=stefan@nopiracy.de; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=stefan@nopiracy.de; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain nopiracy.de from 81.169.146.162 cause and error)
X-PHP-List-Original-Sender: stefan@nopiracy.de
X-Host-Fingerprint: 81.169.146.162 mo-p00-ob.rzone.de Solaris 10 (beta)
Received: from [81.169.146.162] ([81.169.146.162:31049] helo=mo-p00-ob.rzone.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 84/A1-46289-BD81B0F4 for <internals@lists.php.net>; Mon, 09 Jan 2012 11:42:04 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; t=1326127320; l=427;
	s=domk; d=nopiracy.de;
	h=To:References:Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:
	Content-Type:Mime-Version:Subject:X-RZG-CLASS-ID:X-RZG-AUTH;
	bh=HhpKRno3kaw9UuYebC9h2RgxsR4=;
	b=RfYb42Jc0FiWcgwZ2ZncGII8XwfSvwsDRUDpCUW2+Hg1cVU648WyZjNDpimmCAiROut
	qf9nx7JPgQMVUfuwh3r7BqMa1Yb3mfTUorto8KBQrY+UlQolQhfmQOe/XUJ1kYc3vZgW4
	MR5K+5nqZ7YB3MupFJzP3i++A20zKb0YrmY=
X-RZG-AUTH: :OH4FY0Wkd/plSHgwfKFIgHoVYx5SSathkA9OvI+ii+JXGfvQUzm/Ahii7iullNGyVg==
X-RZG-CLASS-ID: mo00
Received: from [10.23.17.42] (cable-78-34-71-151.netcologne.de [78.34.71.151])
	by smtp.strato.de (klopstock mo24) (RZmta 27.3 DYNA|AUTH)
	with (AES128-SHA encrypted) ESMTPA id v06e1eo09FSJCy ;
	Mon, 9 Jan 2012 17:39:56 +0100 (MET)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <6268389813742875794@unknownmsgid>
Date: Mon, 9 Jan 2012 17:39:56 +0100
Cc: Pierre Joye <pierre.php@gmail.com>,
 PHP internals <internals@lists.php.net>,
 =?iso-8859-1?Q?Johannes_Schl=FCter?= <johannes@schlueters.de>,
 Laruence <laruence@php.net>
Content-Transfer-Encoding: quoted-printable
Message-ID: <BB121D7B-95AC-4DBB-9D39-5337138AFC77@nopiracy.de>
References: <CAEZPtU44aag3z-oGAx+mF1dvr9qF0ZLpdW3pHFWEe0uwbchMBQ@mail.gmail.com> <6268389813742875794@unknownmsgid>
To: Xinchen Hui <laruence@gmail.com>
X-Mailer: Apple Mail (2.1251.1)
Subject: Re: [PHP-DEV] Re: 5.3.9, Hash DoS, release
From: stefan@nopiracy.de (Stefan Esser)

Hey,

>  That is Restricting a max length of a buckets list in a hash table.
>=20
>   If a bucket's length exceed 1024, any insertion into this bucket
> will return failure and a warning will be generated.
>=20
>   What do you think?

very bad idea. Especially when it comes to numerical indices a =
legitimate application might put data into a big array and have =
legitimate colliding keys.

Regards,
Stefan Esser=