From d3196d1f0f9bb16ec5bdc0fb0fc049a11c77e541 Mon Sep 17 00:00:00 2001 From: Ravi Teja P Date: Mon, 22 Jun 2020 00:20:54 +0530 Subject: [PATCH 1/6] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface The __hash__() methods of classes IPv4Interface and IPv6Interface had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of XOR operation --- Lib/ipaddress.py | 4 ++-- Lib/test/test_ipaddress.py | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py index 6e5a754c2acf1e..75b4c352c1d257 100644 --- a/Lib/ipaddress.py +++ b/Lib/ipaddress.py @@ -1420,7 +1420,7 @@ def __lt__(self, other): return False def __hash__(self): - return self._ip ^ self._prefixlen ^ int(self.network.network_address) + return hash((self._ip, self._prefixlen, int(self.network.network_address))) __reduce__ = _IPAddressBase.__reduce__ @@ -2120,7 +2120,7 @@ def __lt__(self, other): return False def __hash__(self): - return self._ip ^ self._prefixlen ^ int(self.network.network_address) + return hash((self._ip, self._prefixlen, int(self.network.network_address))) __reduce__ = _IPAddressBase.__reduce__ diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py index 6d5814c9774a0f..88b6f7e7df8dee 100644 --- a/Lib/test/test_ipaddress.py +++ b/Lib/test/test_ipaddress.py @@ -2548,6 +2548,24 @@ def testsixtofour(self): sixtofouraddr.sixtofour) self.assertFalse(bad_addr.sixtofour) + # issue41004 Hash collisions in IPv4Interface and IPv6Interface + + def testV4HashIsNotConstant(self): + ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4") + ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5") + self.assertNotEqual(32, ipv4_address1.__hash__()) + self.assertNotEqual(32, ipv4_address2.__hash__()) + self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__()) + + # issue41004 Hash collisions in IPv4Interface and IPv6Interface + + def testV6HashIsNotConstant(self): + ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1") + ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2") + self.assertNotEqual(128, ipv6_address1.__hash__()) + self.assertNotEqual(128, ipv6_address2.__hash__()) + self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__()) + if __name__ == '__main__': unittest.main() From 8ee65fdccea4b32a587d46b2bc42b6f8da4acc4b Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Sun, 21 Jun 2020 19:01:02 +0000 Subject: [PATCH 2/6] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 Misc/NEWS.d/next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst diff --git a/Misc/NEWS.d/next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst b/Misc/NEWS.d/next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst new file mode 100644 index 00000000000000..a51fde51237e30 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst @@ -0,0 +1,2 @@ +The hash() methods of classes IPv4Interface and IPv6Interface (of the ipaddress library) had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. +The fix uses the hash() function to generate hash values for the objects instead of XOR operation \ No newline at end of file From 5ed371633f29f91b2ec4a52656f81d481fe4bda1 Mon Sep 17 00:00:00 2001 From: Ravi Teja P Date: Mon, 29 Jun 2020 21:26:24 +0530 Subject: [PATCH 3/6] bpo-41004: Removed unnecessary assertions, as per the requested changes --- Lib/test/test_ipaddress.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py index 88b6f7e7df8dee..3c070080a6aaeb 100644 --- a/Lib/test/test_ipaddress.py +++ b/Lib/test/test_ipaddress.py @@ -2549,21 +2549,15 @@ def testsixtofour(self): self.assertFalse(bad_addr.sixtofour) # issue41004 Hash collisions in IPv4Interface and IPv6Interface - def testV4HashIsNotConstant(self): ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4") ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5") - self.assertNotEqual(32, ipv4_address1.__hash__()) - self.assertNotEqual(32, ipv4_address2.__hash__()) self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__()) # issue41004 Hash collisions in IPv4Interface and IPv6Interface - def testV6HashIsNotConstant(self): ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1") ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2") - self.assertNotEqual(128, ipv6_address1.__hash__()) - self.assertNotEqual(128, ipv6_address2.__hash__()) self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__()) From cc086f763e5183e0c387bc1daf8576755d8d5468 Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Mon, 29 Jun 2020 16:02:30 +0000 Subject: [PATCH 4/6] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst new file mode 100644 index 00000000000000..121a5038aa6b05 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst @@ -0,0 +1 @@ +The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. \ No newline at end of file From 897c614183cc125e876ec24161122023d1b995b1 Mon Sep 17 00:00:00 2001 From: "Eric V. Smith" Date: Mon, 29 Jun 2020 13:07:06 -0400 Subject: [PATCH 5/6] Update 2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst --- .../next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst index 121a5038aa6b05..1380b31fbe9f41 100644 --- a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst +++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst @@ -1 +1 @@ -The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. \ No newline at end of file +The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). From 4025efc4b230429ae369e01011cb0e274dfc921e Mon Sep 17 00:00:00 2001 From: "Eric V. Smith" Date: Mon, 29 Jun 2020 13:07:17 -0400 Subject: [PATCH 6/6] Delete 2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst --- .../next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 Misc/NEWS.d/next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst diff --git a/Misc/NEWS.d/next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst b/Misc/NEWS.d/next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst deleted file mode 100644 index a51fde51237e30..00000000000000 --- a/Misc/NEWS.d/next/Security/2020-06-21-19-01-01.bpo-41004.P6i7Nj.rst +++ /dev/null @@ -1,2 +0,0 @@ -The hash() methods of classes IPv4Interface and IPv6Interface (of the ipaddress library) had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. -The fix uses the hash() function to generate hash values for the objects instead of XOR operation \ No newline at end of file