Menu
▾
▴
[Sblim-commit] jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax NodeFactory.java, 1.1.2.6, 1.1.2.7
|
From: Dave B. <bla...@us...> - 2012-08-01 18:43:37
|
Update of /cvsroot/sblim/jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax
In directory vz-cvs-3.sog:/tmp/cvs-serv7672/src/org/sblim/cimclient/internal/cimxml/sax
Modified Files:
Tag: Experimental
NodeFactory.java
Log Message:
3535383 - HashDoS fix 3498482
Index: NodeFactory.java
===================================================================
RCS file: /cvsroot/sblim/jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax/NodeFactory.java,v
retrieving revision 1.1.2.6
retrieving revision 1.1.2.7
diff -u -d -r1.1.2.6 -r1.1.2.7
--- NodeFactory.java 10 Mar 2012 22:55:30 -0000 1.1.2.6
+++ NodeFactory.java 1 Aug 2012 18:43:34 -0000 1.1.2.7
@@ -18,12 +18,12 @@
* 2531371 2009-02-10 raman_arora Upgrade client to JDK 1.5 (Phase 2)
* 2845211 2009-08-27 raman_arora Pull Enumeration Feature (SAX Parser)
* 3498482 2012-03-09 blaschke-oss Red Hat: Possible XML Hash DoS in sblim
+ * 3535383 2012-08-01 blaschke-oss HashDoS fix 3498482
*/
package org.sblim.cimclient.internal.cimxml.sax;
import java.util.HashMap;
-import java.util.Random;
import org.sblim.cimclient.internal.cimxml.sax.node.*;
@@ -56,7 +56,7 @@
* equals comparisons (==).
*/
public static String getEnum(String pNodeName) {
- return NODENAME_HASH.get(pNodeName + iRandomString);
+ return NODENAME_HASH.get(pNodeName);
}
private static HashMap<String, FactoryEntry> cParserMap;
@@ -442,25 +442,9 @@
private static final HashMap<String, String> NODENAME_HASH = new HashMap<String, String>();
- private static String iRandomString;
-
private static void initNodeNameHash(String[] pEnumA) {
- // Append 8-byte randomly-generated string to keys in HashMap to avert
- // hash DoS
- Random generator = new Random(System.currentTimeMillis());
- byte randomByte[] = new byte[1];
- StringBuilder randomString = new StringBuilder();
- while (randomString.length() < 8) {
- generator.nextBytes(randomByte);
- if (randomByte[0] > 0) {
- char ch = (char) randomByte[0];
- if (!Character.isISOControl(ch)) randomString.append(ch);
- }
- }
- iRandomString = randomString.toString();
-
for (int i = 0; i < pEnumA.length; i++)
- NODENAME_HASH.put(pEnumA[i] + iRandomString, pEnumA[i]);
+ NODENAME_HASH.put(pEnumA[i], pEnumA[i]);
}
static {
|
