- Subject: Re: Hash Table Collisions (n.runs-SA-2011.004)
- From: Sam Roberts <vieuxtech@...>
- Date: Wed, 4 Jan 2012 12:52:07 -0800
I've been following along, and while I've seen credible claims that
lua is susceptible to:

http://packetstormsecurity.org/files/108209/n.runs-SA-2011.004.txt

I haven't seen any lua code that proves it.

There isn't a standard POST parser in lua, but it should be possible
for someone who believes this is a significant issue to write a small
lua program that parses a 2 MB string of key/value pairs into a hash
table and takes many hours to do so (for example, before it was
modified, ruby could be caused to take 6 hours of i7 CPU time to parse
a 2 MB post request).

Without such code, it's a bit hard to see this problem as anything
other than theoretical, and impossible to know whether any proposed
changes actually are effective.

Cheers,
Sam