From: usa@...
Date: 2017-03-29T14:35:40+00:00
Subject: [ruby-core:80484] [Ruby trunk Bug#13376] Symbol#hash is	deterministic on 2.3

Issue #13376 has been updated by usa (Usaku NAKAMURA).


I've fixed it.
nagachika-san, please apply this patch:

```diff
Index: hash.c
===================================================================
--- hash.c	(revision 58210)
+++ hash.c	(working copy)
@@ -168,7 +168,7 @@ any_hash(VALUE a, st_index_t (*other_func)(VALUE))
     }
   out:
     hnum <<= 1;
-    return (st_index_t)RSHIFT(hnum, 1);
+    return (long)RSHIFT(hnum, 1);
 }
 
 static st_index_t
```

----------------------------------------
Bug #13376: Symbol#hash is deterministic on 2.3
https://bugs.ruby-lang.org/issues/13376#change-63983

* Author: chrisseaton (Chris Seaton)
* Status: Closed
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: ruby 2.3.3p222 (2016-11-21 revision 56859) [x86_64-darwin16]
* Backport: 2.2: UNKNOWN, 2.3: DONE, 2.4: UNKNOWN
----------------------------------------
I believe the Symbol#hash should probably be non-deterministic, due to CVE-2011-4815. That seems to be the behaviour on 2.2 and 2.4, but not on 2.3. Was this a conscious decision at the time? Or is it a bug?

~~~
$ 2.2.6/bin/ruby -e 'puts :foo.hash'
-505215953858886063

$ 2.2.6/bin/ruby -e 'puts :foo.hash'
3929535091178311289

$ 2.3.3/bin/ruby -e 'puts :foo.hash'
2810

$ 2.3.3/bin/ruby -e 'puts :foo.hash'
2810

$ 2.4.0/bin/ruby -e 'puts :foo.hash'
-1200094397129038718

$ 2.4.0/bin/ruby -e 'puts :foo.hash'
-916960310565036298
~~~

---Files--------------------------------
0001-hash.c-any_hash-make-static-symbol-hash-non-determin.patch (1.7 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>