VM: Security: Prevent DoS from hashmap collisions #19399


Closed
kevmoo opened this issue Jun 12, 2014 · 5 comments
Labels
area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. closed-stale Closed as the issue or PR is assumed stale type-bug Incorrect behavior (everything from a crash to more subtle misbehavior) type-security

Comments

@kevmoo
Member

kevmoo commented Jun 12, 2014

See https://code.google.com/p/dart/issues/detail?id=1748

This is for tracking the VM implementation of hashing algorithms.

@kevmoo
Member Author

kevmoo commented Jun 12, 2014

Marked this as blocking #1748.

@kodandersson
Contributor

Set owner to @kodandersson.

@kevmoo kevmoo added Type-Defect area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. type-security labels Jun 27, 2014
@kodandersson
Contributor

This very old feature request should have a priority assigned to it. How important is this relative to other DoS vectors, and how much performance are we willing to sacrifice?

@kevmoo
Member Author

kevmoo commented Oct 2, 2015

I'd have to see a stack-rank of DOS vectors. 😄

How much performance: enough to mitigate the concern. Given Ruby, JS, .NET, etc. have handled this, I'm assuming there are ways to do it without causing big regressions.

@DemiMarie

SipHash is a fast, cryptographically secure hash function.

Another option is to use trees instead of linked lists to back the buckets.

@kevmoo kevmoo added type-bug Incorrect behavior (everything from a crash to more subtle misbehavior) and removed priority-unassigned labels Mar 1, 2016
@iposva-google iposva-google removed their assignment May 31, 2016
@lrhn lrhn closed this as completed Oct 7, 2024
@lrhn lrhn added the closed-stale Closed as the issue or PR is assumed stale label Oct 7, 2024
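
An added example, not part of the thread and not Dart VM code, of the keyed-hash mitigation suggested above: SipHash-2-4 used to pick buckets, next to an unkeyed hash whose collisions can be computed offline. `unkeyed_hash`, `keyed_bucket` and the four sample keys are constructed for illustration; the fixed key is the test key from the SipHash paper, where a real table would draw a random key per process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 of in[0..len) under the 128-bit key (k0, k1). */
uint64_t siphash24(const uint8_t *in, size_t len, uint64_t k0, uint64_t k1) {
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    uint64_t b = (uint64_t)len << 56;   /* final block carries the length */
    size_t i, full = len & ~(size_t)7;
    for (i = 0; i < full; i += 8) {     /* whole 8-byte little-endian words */
        uint64_t m = 0;
        for (int j = 0; j < 8; j++) m |= (uint64_t)in[i + j] << (8 * j);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (; i < len; i++) b |= (uint64_t)in[i] << (8 * (i & 7)); /* tail bytes */
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Constructed stand-in for an unkeyed string hash (h = h*31 + c); not Dart's. */
uint32_t unkeyed_hash(const char *s) {
    uint32_t h = 0;
    while (*s) h = h * 31u + (uint8_t)*s++;
    return h;
}

/* Bucket a table would choose when hashing with a secret key (k0, k1). */
size_t keyed_bucket(const char *s, uint64_t k0, uint64_t k1, size_t nbuckets) {
    return (size_t)(siphash24((const uint8_t *)s, strlen(s), k0, k1) % nbuckets);
}

int main(void) {
    /* Demo key only; a real table draws (k0, k1) from the OS CSPRNG at startup. */
    const uint64_t k0 = 0x0706050403020100ULL, k1 = 0x0f0e0d0c0b0a0908ULL;
    const char *keys[] = {"AaAa", "AaBB", "BBAa", "BBBB"};  /* constructed */
    for (int i = 0; i < 4; i++)
        printf("%s unkeyed=%08x keyed_bucket=%zu\n", keys[i],
               (unsigned)unkeyed_hash(keys[i]), keyed_bucket(keys[i], k0, k1, 64));
    return 0;
}
```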
5 participants