Skip to content

Mitigate hashtable bucket collision attacks#120

Open
3em0 wants to merge 1 commit into
zpl-c:masterfrom
3em0:fix-hashtable-key-mixing
Open

Mitigate hashtable bucket collision attacks#120
3em0 wants to merge 1 commit into
zpl-c:masterfrom
3em0:fix-hashtable-key-mixing

Conversation

@3em0

@3em0 3em0 commented Jun 3, 2026

Copy link
Copy Markdown

Summary

  • Add a lightweight 64-bit key mixer for hashtable bucket selection.
  • Seed each generated table instance from its table/array addresses so raw attacker-chosen numeric patterns such as offset + i * bucket_count no longer map directly to the same bucket.
  • Preserve the table seed across rehashing.
  • Add a table test covering keys that would collide under raw modulo bucket assignment.

Fixes #119.

Testing

  • git diff --check
  • Verified the deterministic test key set with the same 64-bit mixing arithmetic.

Full C unit tests were not run because this environment does not have a C compiler installed (gcc, cc, clang, and tcc are unavailable).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Potential hash-flooding DoS risk in generic hashtable with attacker-controlled keys

1 participant