perl.perl5.porters | Postings from October 2003

Re: 5.8.2-RC1 and mp2

From: Stas Bekman
Date: October 30, 2003 16:47
Subject: Re: 5.8.2-RC1 and mp2
Message ID: 3FA1B133.7030705@stason.org

I made some progress on making sure that the problem is reproducible. Raising

   #define HV_MAX_LENGTH_BEFORE_SPLIT 14

makes it a much higher threshold for most normal keys to trigger rehashing, but 
I'm happy that the new test is happily failing to find a previously cached 
stash, despite the high threshold.

I have two remaining issues on the test side (before trying to fix things):

1) replace the hardcoded attack input (from the original attack report by 
Scott) with something that's autogenerated. I want a sub that I can ask for N 
number of hash keys that will collapse into the same list.

2) I need some way to verify that the attack has been successfully performed, 
so if in the future the hashing algorithm or the threshold change this test 
won't be misleadingly successful even though the problem may exist. Since Nick 
added a special flag to HVs that were re-hashed, can we get a B:: function 
that can check for this flag?

At the moment I do a visual check, by looking for the debug print I've planted 
into hv.c, so error_log looks like:

==> starting
We are under attack. But Do Not Panic
==> ending
[Thu Oct 30 16:37:08 2003] [error] lookup of 'TestPerl::hash_attack::handler' failed

Here is the test:

package TestPerl::hash_attack;

use strict;
use warnings FATAL => 'all';

use Apache::Test;
use Apache::TestUtil;
use Apache::TestTrace;

# fixup() returns DECLINED, so compile it along with OK
use Apache::Const -compile => qw(OK DECLINED);

my $input = <<EOI;
benniefubenniefubenniefu
benniefubenniefubeoppifu
benniefubenniefubheuoalp
benniefubenniefubheyppdl
benniefubenniefubxifmbwv
benniefubenniefucdsuauht
benniefubenniefucrphalzb
benniefubenniefufdesinvt
benniefubenniefufhbalgiw
benniefubenniefufkqidvqy
benniefubenniefufwlfnorp
benniefubenniefugbuocxbt
benniefubenniefugkcdnowo
benniefubenniefugzpjjakt
benniefubenniefuiwzmsjwx
benniefubenniefujeozrmvb
benniefubenniefujevvfjsf
benniefubenniefujlomraai
benniefubenniefujlyzcvrw
benniefubenniefujptanaai
benniefubenniefujwnieayi
benniefubenniefulpvzqpqq
benniefubenniefunwtftrcn
benniefubenniefunwtjqhgn
benniefubenniefupmuzbpmh
benniefubenniefupwbstdms
benniefubenniefuqdazlxxp
benniefubenniefuqnprevxm
benniefubenniefutbwofcgp
benniefubenniefutgxvpmnc
benniefubenniefutjqfofzs
benniefubenniefutsljwgxt
benniefubenniefutwekfzcc
benniefubenniefutxrmfxhd
benniefubenniefutzdfehma
benniefubenniefuubulupaw
benniefubenniefuupychihz
benniefubenniefuvanvqkid
benniefubenniefuvcakywsm
benniefubenniefuveliggml
EOI

# create conditions which will trigger a rehash on the current stash
# (__PACKAGE__)
sub fixup {
     my $r = shift;
     no strict 'refs';
     debug "starting attack";
     for (split /\n/, $input) {
         my $symbol = __PACKAGE__ . "::$_";
         # autovivify
         $$symbol++;
     }
     debug "ending attack";

     return Apache::DECLINED;
}

# if the rehashing of the keys in the stash happens due to the hash attack,
# mod_perl must not fail to find the previously cached stash (response
# handler in this case)
sub handler {
     my $r = shift;
     plan $r, tests => 1;
     ok 1;
     return Apache::OK;
}

1;
__END__
PerlModule       TestPerl::hash_attack
PerlFixupHandler TestPerl::hash_attack::fixup

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
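
An added example, not part of the original post and not perl's own code: one way to check offline that a key set really produces a bucket chain longer than the HV_MAX_LENGTH_BEFORE_SPLIT value quoted above, so the test cannot pass without the rehash having been triggered. It assumes keys are hashed with Bob Jenkins' one-at-a-time function and bucketed by masking with the table size; `sample_keys`, `one_at_a_time` and `longest_chain` are names made up for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HV_MAX_LENGTH_BEFORE_SPLIT 14   /* value quoted in the post */

/* Constructed sample keys (not the keys from the post). */
static const char *const sample_keys[16] = {
    "k00", "k01", "k02", "k03", "k04", "k05", "k06", "k07",
    "k08", "k09", "k10", "k11", "k12", "k13", "k14", "k15",
};

/* Bob Jenkins' one-at-a-time hash, starting from `seed`.
 * Assumption: the perl under test hashes stash keys this way. */
static uint32_t one_at_a_time(const char *key, size_t len, uint32_t seed)
{
    uint32_t h = seed;
    for (size_t i = 0; i < len; i++) {
        h += (unsigned char)key[i];
        h += h << 10;
        h ^= h >> 6;
    }
    h += h << 3;
    h ^= h >> 11;
    h += h << 15;
    return h;
}

/* Longest chain when `n` keys go into `buckets` slots (a power of two,
 * at most 1024) selected as hash & (buckets - 1); 0 on a bad size. */
static size_t longest_chain(const char *const *keys, size_t n,
                            uint32_t buckets, uint32_t seed)
{
    size_t count[1024] = {0}, longest = 0;
    if (buckets == 0 || buckets > 1024 || (buckets & (buckets - 1)))
        return 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t b = one_at_a_time(keys[i], strlen(keys[i]), seed) & (buckets - 1);
        if (++count[b] > longest)
            longest = count[b];
    }
    return longest;
}

int main(void)
{
    size_t n = longest_chain(sample_keys, 16, 8, 0);
    printf("longest chain: %zu, threshold: %d, exceeded: %s\n", n,
           HV_MAX_LENGTH_BEFORE_SPLIT, n > HV_MAX_LENGTH_BEFORE_SPLIT ? "yes" : "no");
    return 0;
}
```

Treating "longer than the threshold" as the trigger is this example's assumption; a test harness would fail early when the reported chain does not exceed it.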
