Subject: Re: Hash collision vectors in APR?
From: Bojan Smojver
To: "William A. Rowe Jr."
Cc: APR Developer List
Date: Fri, 06 Jan 2012 06:51:11 +1100

On Thu, 2012-01-05 at 11:45 -0600, William A. Rowe Jr. wrote:
> Should we add some randomization to prevent abuse?

There are Ruby patches in RH bug database that may help as an example:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4815

-- 
Bojan