Enclosed you will find an attached changeset, that contains suggested
fix with keys comparison and completely removed additional protection
via crc32.
Tested also on known to me keys with md5 collisions (see below) - it
works.
If someone needs a git version of it:
https://github.com/sebres/nginx/pull/2 [2]
Below you can find a TCL-code to test strings (hex), that produce an md5
collision (with an example with one collision):
https://github.com/sebres/misc/blob/tcl-test-hash-collision/tcl/hash-collision.tcl
[3]
Regards,
sebres.
On 10.09.2015 11:57, Sergey Brester wrote:
> The patch sounds not bad at all, but I would have also removed the calculation and verification of crc32... Makes no sense, if either way the keys would be compared.
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel [1]
Links:
------
[1] http://mailman.nginx.org/mailman/listinfo/nginx-devel
[2] https://github.com/sebres/nginx/pull/2
[3]
https://github.com/sebres/misc/blob/tcl-test-hash-collision/tcl/hash-collision.tcl_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel