Edit report at https://bugs.php.net/bug.php?id=60655&edit=1
 ID:                 60655
 Updated by:         ses...@php.net
 Reported by:        larue...@php.net
 Summary:            add max_input_vars for json/serialize
 Status:             Open
 Type:               Feature/Change Request
 Package:            *General Issues
 PHP Version:        5.3.9RC4
 Block user comment: N
 Private report:     N

 New Comment:

laruence: nothing against you, but fixing the hash table thing is not a simple easy fix.

It must be done by someone who understands the mathematical problem of hash collisions and who understands the impact of making changes to a hash function.

Just changing some constants in the algorithm will not improve the situation. The opposite can be the case. By changing some constants it could be possible to destroy the distribution of collisions and suddenly some values collide more often than others.

So please do not try to fix a problem that must be solved by someone with the mathematical background knowledge.


Previous Comments:
------------------------------------------------------------------------
[2012-01-05 14:48:14] ses...@php.net

BTW a simple approach to cause 65536 alpha numerical collisions would use most probably less than 2MB of POST payload. And this is the NOT mathematically optimized version.

------------------------------------------------------------------------
[2012-01-05 14:47:21] larue...@php.net

sesser, I am not good at algorithms, so if you can help me, I will appreciate it.

just a guess, what about changing the zend_hash_func, adding some new seed like:

    register ulong hash = 5381 + nKeyLength;

thanks

------------------------------------------------------------------------
[2012-01-05 14:44:32] ses...@php.net

It is not "a theory". The whole disclosure from n-runs was about colliding the DJB hash function with alpha numerical keys.

------------------------------------------------------------------------
[2012-01-05 14:14:08] larue...@php.net

<laruence> I got your point, and agree in theory, yes, the string hash value could be the same, does anyone have a method to compute it in real?
<nikic> yes
<laruence> I really doubt that if we can find so many string keys with the same hash value to be able to launch an attack, and won't reach the max post size

------------------------------------------------------------------------
[2012-01-05 14:05:52] larue...@php.net

oh, I got you, thanks.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60655


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60655&edit=1
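
The seed change floated in the thread (`5381 + nKeyLength`) can be checked against keys that already collide under the plain seed. The following is an added example, not code from the bug report or from PHP: `djb_hash` is a stand-alone re-implementation of the DJB "times 33" hash, the keys are constructed samples, and treating `nKeyLength` as the byte count of the key is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* DJB "times 33" string hash. seed_with_len = 0 uses the plain 5381 seed;
 * seed_with_len = 1 uses the seed floated in the thread, 5381 + nKeyLength. */
static unsigned long djb_hash(const char *key, size_t len, int seed_with_len)
{
    unsigned long hash = 5381UL + (seed_with_len ? (unsigned long)len : 0UL);
    for (size_t i = 0; i < len; i++)
        hash = hash * 33UL + (unsigned char)key[i];
    return hash;
}

/* Constructed sample keys. "Ez" and "FY" add the same amount to the hash
 * (69*33 + 122 == 70*33 + 89), so any same-length mix of them collides. */
static const char *const SAMPLE_KEYS[] = {
    "EzEzEz", "EzEzFY", "EzFYEz", "EzFYFY",
    "FYEzEz", "FYEzFY", "FYFYEz", "FYFYFY",
};
#define N_KEYS (sizeof SAMPLE_KEYS / sizeof SAMPLE_KEYS[0])

/* Number of distinct hash values the sample keys produce under one seeding. */
static size_t distinct_hashes(int seed_with_len)
{
    unsigned long seen[N_KEYS];
    size_t n = 0;
    for (size_t k = 0; k < N_KEYS; k++) {
        unsigned long h = djb_hash(SAMPLE_KEYS[k], strlen(SAMPLE_KEYS[k]), seed_with_len);
        size_t j = 0;
        while (j < n && seen[j] != h)
            j++;
        if (j == n)
            seen[n++] = h;
    }
    return n;
}

int main(void)
{
    printf("keys: %zu\n", (size_t)N_KEYS);
    printf("distinct hashes, seed 5381:              %zu\n", distinct_hashes(0));
    printf("distinct hashes, seed 5381 + nKeyLength: %zu\n", distinct_hashes(1));
    return 0;
}
```

Keys of equal length receive the same seed, so the length-dependent seed shifts every hash by the same amount and the eight sample keys still land on a single value.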