Julian Wälde and Alexander Klink reported a flaw in the hash function used in the implementation of the Ruby-rack arrays. Ruby-rack arrays are implemented using the hash table that maps keys to values:
http://rack.rubyforge.org/doc/classes/Rack/Request.html

A specially-crafted set of keys could trigger hash function collisions, which degrade hash table performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using equivalent substrings or meet-in-the-middle techniques.

This problem is similar to the issue that was previously reported for and fixed in e.g. perl:
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf

Patch:
https://gist.github.com/52bbc6b9cc19ce330829
Created rubygem-rack tracking bugs for this issue
Affects: fedora-all [bug 771150]
Created rubygem-rack tracking bugs for this issue
Affects: epel-5 [bug 771151]
Affects: epel-6 [bug 771152]
This appears to have been fixed in rubygems-rack 1.4.0:

Tue Dec 13 10:18:48 2011 -0800 Evan Phoenix <evan>
* Limit the size of parameter keys
Signed-off-by: James Tucker <jftucker>

This commit limits parameters sent via GET or POST to 64k in total.
https://github.com/rack/rack/commit/5b9d09a81a9fdc9475f0ab0095cb2a33bf2a8f91

It can be downloaded from https://github.com/rack/rack/downloads
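The mitigation described in the comment above is a bound on the total size of parameter keys, enforced before the keys are inserted into the hash table. The following is an added illustration of that approach and is not Rack's own code; the 64k cap (MAX_PARAM_KEY_BYTES), the parse_form_params helper and the ParamKeySpaceExceeded error are assumptions chosen for this example. A request whose keys exceed the cap is rejected early, so an attacker-chosen key set cannot drive the table into its O(n) worst case at unbounded scale.

```ruby
require 'uri'

# Assumed cap on the total byte size of all parameter keys in one request,
# mirroring the "64k in total" limit described in the bug comment.
MAX_PARAM_KEY_BYTES = 65_536

# Raised when a query string or form body carries more key bytes than allowed.
class ParamKeySpaceExceeded < StandardError; end

# Parse an application/x-www-form-urlencoded string (query string or POST body)
# into a Hash. The running total of decoded key bytes is checked on every
# pair, so oversized input is refused before the parse finishes rather than
# after every key has already been hashed.
def parse_form_params(raw, max_key_bytes: MAX_PARAM_KEY_BYTES)
  params = {}
  key_bytes = 0

  raw.split(/[&;]/).each do |pair|
    next if pair.empty?

    encoded_key, encoded_value = pair.split('=', 2)
    key = URI.decode_www_form_component(encoded_key)

    key_bytes += key.bytesize
    if key_bytes > max_key_bytes
      raise ParamKeySpaceExceeded,
            "parameter keys exceed #{max_key_bytes} bytes"
    end

    params[key] = encoded_value && URI.decode_www_form_component(encoded_value)
  end

  params
end

# Convenience wrapper returning a status code instead of raising, for callers
# that want to map the failure to an HTTP 413-style response.
def parse_or_reject(raw, max_key_bytes: MAX_PARAM_KEY_BYTES)
  [200, parse_form_params(raw, max_key_bytes: max_key_bytes)]
rescue ParamKeySpaceExceeded
  [413, nil]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: a normal request and one with many keys.
  puts parse_or_reject("user=alice&page=2").inspect
  flood = (1..5_000).map { |i| "key#{i}=x" }.join('&')
  puts parse_or_reject(flood, max_key_bytes: 1_024).inspect
end
```

The byte cap is deliberately applied to the decoded keys, since percent-encoding would otherwise let a request pack more distinct keys under the same raw length. Rack's actual commit should be consulted for the exact limit and the place in the request pipeline where it is enforced.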
(In reply to comment #6) This is already fixed in all Fedoras, either by update of Rack or backporting patch.