On Tue, Oct 14, 2003 at 09:08:05PM +0100, Nicholas Clark <[EMAIL PROTECTED]> wrote: > > I'm working on a variant of plans A and B. I need 1 more HV flag. Is > > #define SVf_AMAGIC 0x10000000 /* has magical overloaded methods */ > > ever set on an HV?
I think only on RVs. Though there is an odd commented out line in hv.c magic_setamagic: /* HV_badAMAGIC_on(Sv_STASH(sv)); */ > hsplit is modified to count the length of the longest linked lists as it > splits a hash. If it finds that the longest is over some threshold (eg 50% > of all hash values are in one list after splitting) then the data is > pathological, and *that hash* switches strategy. I don't know if that's good enough. I didn't read the exploit paper, but wouldn't they just have to have N+1 random keys before the N evil keys to defeat your check? It would make the attack only twice as much data (or even much less, since the random keys could be shorter.) Good out-of-the-box thinking, though. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
