Edit report at https://bugs.php.net/bug.php?id=60655&edit=1

 ID:                 60655
 Updated by:         ses...@php.net
 Reported by:        larue...@php.net
 Summary:            add max_input_vars for json/serialize
 Status:             Open
 Type:               Feature/Change Request
 Package:            *General Issues
 PHP Version:        5.3.9RC4
 Block user comment: N
 Private report:     N

 New Comment:

BTW a simple approach to cause 65536 alphanumerical collisions would most 
probably use less than 2MB of POST payload. And this is NOT the mathematically 
optimized version.


Previous Comments:
------------------------------------------------------------------------
[2012-01-05 14:47:21] larue...@php.net

sesser, I am not good at algorithms, so if you can help me, I will appreciate it.

just a guess, what about changing the zend_hash_func, adding some new seed like:

register ulong hash = 5381 + nKeyLength;

thanks

------------------------------------------------------------------------
[2012-01-05 14:44:32] ses...@php.net

It is not "a theory". The whole disclosure from n-runs was about colliding the 
DJB hash function with alphanumerical keys.

------------------------------------------------------------------------
[2012-01-05 14:14:08] larue...@php.net

<laruence> I got your point, and agree in theory, yes, the string hash value 
could be the same, does anyone have a method to compute it in real?
<nikic> yes
<laruence> I really doubt if we can find so many string keys with the same 
hash value to be able to launch an attack, and won't reach the max post size

------------------------------------------------------------------------
[2012-01-05 14:05:52] larue...@php.net

oh, I got you, thanks.

------------------------------------------------------------------------
[2012-01-05 14:04:50] larue...@php.net

yes, the hash value of string index is the same, but the index = hash_value % nTableSize,

we don't use the hash value as index directly, 

didn't I misunderstand you?

------------------------------------------------------------------------
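
Added example (not part of the bug report and not Zend engine code): a check of the two points raised in the comments above, the `5381 + nKeyLength` seed and the `index = hash_value % nTableSize` step. It assumes the times-33 additive DJB hash the thread refers to; the helper names and the sample keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned long ulong;

/* Times-33 additive DJB hash; the seed is a parameter so the stock
   seed and the proposed one can be compared (helper name is ours). */
static ulong djb_hash(const char *key, size_t len, ulong seed)
{
    ulong hash = seed;
    for (size_t i = 0; i < len; i++)
        hash = hash * 33 + (unsigned char)key[i];
    return hash;
}

/* Stock seed: register ulong hash = 5381; */
static ulong hash_stock(const char *key)
{
    return djb_hash(key, strlen(key), 5381);
}

/* Proposed seed from the thread: register ulong hash = 5381 + nKeyLength; */
static ulong hash_len_seed(const char *key)
{
    size_t len = strlen(key);
    return djb_hash(key, len, 5381 + len);
}

/* Bucket index as written in the thread: index = hash_value % nTableSize */
static ulong bucket(ulong hash, ulong nTableSize) { return hash % nTableSize; }

/* 1 if two hashes land in the same bucket at every table size 8..2^20 */
static int same_bucket_all_sizes(ulong ha, ulong hb)
{
    for (ulong n = 8; n <= (1UL << 20); n <<= 1)
        if (bucket(ha, n) != bucket(hb, n)) return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample keys: "Ez"/"FY" collide, "Ea" is a control. */
    const char *keys[] = { "Ez", "FY", "Ea" };
    for (int i = 0; i < 3; i++)
        printf("%s stock=%lu len-seed=%lu\n", keys[i],
               hash_stock(keys[i]), hash_len_seed(keys[i]));
    printf("Ez/FY same bucket at all sizes (len-seed): %d\n",
           same_bucket_all_sizes(hash_len_seed("Ez"), hash_len_seed("FY")));
    return 0;
}
```

For keys of equal length the seed only contributes seed * 33^len, which is the same for both keys, so a length-dependent seed leaves equal-length collisions in place; and keys with equal hash values share a bucket whatever nTableSize is.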


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60655

