On Sat, 17 Nov 2001, Brian Pane wrote:
* A rewrite of apr_table_overlap() that uses a hash
table (sort of) instead of qsort
i'm not sure this part of the patch is a good idea. the reason
apr_table_overlap() uses qsort is to prevent various O(n^2) DoS attacks
(both time & space). with your hash i think it's possible for attackers
to carefully construct headers such that they all hash the same, which
would result in an O(n^2) time attack.
also -- if i understand the hash you're using, it appears that all headers
less than 4 characters in length will hash to position 0? (i'm looking at
COMPUTE_KEY_CHECKSUM).
(otherwise nice work, as always :)
-dean
