Bug 985509 - p11-kit: potential hash collision denial of service
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: p11-kit
Assigned To: Stef Walter
QA Contact: BaseOS QE Security Team
Blocks: 983512
Reported: 2013-07-17 12:04 EDT by Florian Weimer
Modified: 2013-07-17 12:11 EDT (History)

Doc Type: Bug Fix
Last Closed: 2013-07-17 12:11:33 EDT
Type: Bug

Description Florian Weimer 2013-07-17 12:04:24 EDT
Murmurhash 3 is broken even with a randomized seed (but the seed is constant in p11-kit, ahem).  This means that its use in the dict implementation is either way overkill, or exposes the code to a denial-of-service issue.  unsigned long/int hashing is collision-prone, too, because it doesn't use a key and actually isn't very hash-like at all.

This isn't a problem as long as the hashes are small, so feel free to close this bug if the hash tables are small.
Comment 1 Stef Walter 2013-07-17 12:11:33 EDT
p11-kit does not hash data from outside of the security context it is run in. So I don't think this is an issue. Denial-of-service would be against self, which cannot be protected against. I'll close this bug, but if I'm wrong, please do reopen.
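
The collision behaviour of unkeyed integer hashing raised in the description, as an added example (not p11-kit code and not part of the original report): it measures the longest bucket chain in a toy chained table. Assumptions: a table of 1024 buckets, an integer hash that returns the key itself, and a splitmix64-style keyed mix standing in for a vetted keyed hash such as SipHash.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NBUCKETS 1024u /* assumed bucket count for the demo table */

typedef uint64_t (*hash_fn)(uint64_t key, uint64_t seed);

/* Unkeyed integer "hash": the key itself (assumption, not p11-kit's code). */
static uint64_t hash_identity(uint64_t key, uint64_t seed) {
    (void)seed;
    return key;
}

/* Keyed mix: splitmix64 finalizer over key ^ seed. Illustration only;
 * a production table would use a vetted keyed hash such as SipHash. */
static uint64_t hash_keyed(uint64_t key, uint64_t seed) {
    uint64_t z = key ^ seed;
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Place n keys (key_i = i * stride) and return the longest bucket chain,
 * i.e. the worst-case number of comparisons for one lookup. */
static unsigned longest_chain(hash_fn h, uint64_t seed, unsigned n, uint64_t stride) {
    unsigned *count = calloc(NBUCKETS, sizeof *count);
    unsigned worst = 0;
    if (count == NULL)
        return 0;
    for (unsigned i = 0; i < n; i++) {
        unsigned b = (unsigned)(h((uint64_t)i * stride, seed) % NBUCKETS);
        if (++count[b] > worst)
            worst = count[b];
    }
    free(count);
    return worst;
}

int main(void) {
    uint64_t seed = 0x9e3779b97f4a7c15ULL; /* constructed; use a random per-process value */
    /* Sequential keys spread evenly; keys sharing low bits pile into one bucket. */
    printf("identity, sequential keys: %u\n", longest_chain(hash_identity, 0, 4096, 1));
    printf("identity, stride keys:     %u\n", longest_chain(hash_identity, 0, 4096, NBUCKETS));
    printf("keyed mix, stride keys:    %u\n", longest_chain(hash_keyed, seed, 4096, NBUCKETS));
    return 0;
}
```

With only a handful of entries the longest chain is bounded by the entry count, which is why small tables are unaffected whichever hash is used.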
