- Subject: Re: Interning strings considered harmful (somewhat)
- From: Tony Finch <dot@...>
- Date: Sun, 25 Oct 2009 22:00:45 +0000
On Sun, 25 Oct 2009, Florian Weimer wrote:
>
> I'm a bit worried by this, and the impact on programs which process
> data from untrusted inputs. I haven't got a really good idea what can
> be done about this. In similar cases, people have used Jenkins'
> lookup3.c hash function with a random seed. Perhaps it is sufficient
> to drop the skipping from Lua's hash function and use a random seed
> stored in the Lua state, but the internal mixing of the current hash
> function seems to be rather weak.

Your observation reminds me of this paper which studies the robustness of
state table lookups in firewalls:

http://www.maths.tcd.ie/~dwmalone/p/ec2nd08.pdf

Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
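
The concern in the quoted message, shown as an added example that is not part of the original thread or taken from Lua's source: a hash that skips bytes of long strings cannot tell apart keys that differ only in a skipped byte, while a non-skipping, seeded variant can. `hash_skipping` is modelled on the Lua 5.1 string hash (an assumption), and `hash_seeded`, `sample_collides` and the seed value are hypothetical names and constructed data; the mixing step, which the quoted message calls rather weak, is left unchanged.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: modelled on the Lua 5.1 string hash. The start value is the
   length, and strings of 32+ bytes have only every step-th byte sampled. */
static unsigned int hash_skipping(const char *s, size_t l) {
    unsigned int h = (unsigned int)l;
    size_t step = (l >> 5) + 1;
    size_t i;
    for (i = l; i >= step; i -= step)
        h ^= (h << 5) + (h >> 2) + (unsigned char)s[i - 1];
    return h;
}

/* Hypothetical variant of the change floated in the quoted message: no
   skipping, plus a seed that would be drawn at random per Lua state.
   The mixing step itself is unchanged. */
static unsigned int hash_seeded(const char *s, size_t l, unsigned int seed) {
    unsigned int h = seed ^ (unsigned int)l;
    size_t i;
    for (i = l; i >= 1; i--)
        h ^= (h << 5) + (h >> 2) + (unsigned char)s[i - 1];
    return h;
}

/* Constructed sample: two 64-byte keys differing only at index 0, which the
   skipping hash never reads (step is 3, so it reads indices 63, 60, ..., 3).
   Returns 1 if the two keys hash to the same value. */
static int sample_collides(int seeded, unsigned int seed) {
    char a[64], b[64];
    memset(a, 'x', sizeof a);
    memcpy(b, a, sizeof b);
    b[0] = 'y';
    if (seeded)
        return hash_seeded(a, sizeof a, seed) == hash_seeded(b, sizeof b, seed);
    return hash_skipping(a, sizeof a) == hash_skipping(b, sizeof b);
}

int main(void) {
    unsigned int seed = 0x9e3779b9u; /* constructed; stands in for a random seed */
    printf("skipping hash collides: %d\n", sample_collides(0, 0));
    printf("seeded full hash collides: %d\n", sample_collides(1, seed));
    return 0;
}
```

For keys shorter than 32 bytes the step is 1, so the two functions agree when the seed is 0; the skipping only affects longer strings.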