Red Hat Bugzilla – Bug 985509
p11-kit: potential hash collision denial of service
Last modified: 2013-07-17 12:11:33 EDT
Murmurhash 3 is broken even with a randomized seed (but the seed is constant in p11-kit, ahem). This means that its use in the dict implementation is either way overkill, or exposes the code to a denial-of-service issue. unsigned long/int hashing is collision-prone, too, because it doesn't use a key and actually isn't very hash-like at all.
This isn't a problem as long as the hashes are small, so feel free to close this bug if the hash tables are small.
p11-kit does not hash data from outside of the security context it is run in. So I don't think this is an issue. Denial-of-service would be against self, which cannot be protected against. I'll close this bug, but if I'm wrong, please do reopen.