
[Symfony Lock] possible lock id collision in DoctrineDbalPostgreSqlStore #58838

FractalizeR opened this issue Nov 12, 2024 · 1 comment


@FractalizeR
Contributor

Symfony version(s) affected

7.1.0

Description

https://github.com/symfony/lock/blob/7.1/Store/DoctrineDbalPostgreSqlStore.php#L233

Here we take the CRC32 of the key's name to make a call to Postgres's pg_advisory_lock. But pg_advisory_lock takes an int64 as a parameter, and we can make it part of shaxxx()'s result, for instance. CRC32 is not very collision-resistant, and in case the application has many locks active, it may degrade.

How to reproduce

https://github.com/symfony/lock/blob/7.1/Store/DoctrineDbalPostgreSqlStore.php#L233

Possible Solution

Move to a more collision-resistant hash generation function.

Additional Context

No response
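
An added example, not part of the issue or of Symfony's code: it compares a 32-bit CRC32 lock id with a 64-bit id taken from the first 8 bytes of SHA-256 (one reading of the "part of shaxxx()'s result" suggestion), using the birthday approximation and a collision count over constructed key names. The function names and key names are assumptions, and the code assumes 64-bit PHP.

```php
<?php
declare(strict_types=1);

// Added illustration, not Symfony code; all function names are hypothetical.

/** 32-bit id as the issue describes it: CRC32 of the key name. */
function lockId32(string $key): int
{
    return crc32($key);
}

/** 64-bit id: first 8 bytes of SHA-256, read as a signed 64-bit integer. */
function lockId64(string $key): int
{
    // 'J' reads 8 big-endian bytes; PHP ints are signed, so large values
    // wrap negative and the result always fits PostgreSQL's bigint.
    return unpack('J', substr(hash('sha256', $key, true), 0, 8))[1];
}

/** Birthday approximation: P(at least one collision) for $n ids in a $bits-bit space. */
function collisionProbability(int $n, int $bits): float
{
    return -expm1(-($n * ($n - 1)) / (2.0 * 2 ** $bits));
}

/** Count keys whose id was already produced by an earlier, different key. */
function countCollisions(callable $idOf, int $n): int
{
    $seen = [];
    $collisions = 0;
    for ($i = 0; $i < $n; $i++) {
        $id = $idOf('invoice-' . md5((string) $i)); // constructed key names
        if (isset($seen[$id])) {
            $collisions++;
        }
        $seen[$id] = true;
    }
    return $collisions;
}

foreach ([1_000, 100_000, 300_000] as $n) {
    printf(
        "n=%d  p32=%.6f  p64=%.3e  crc32 collisions=%d  sha256/64 collisions=%d\n",
        $n, collisionProbability($n, 32), collisionProbability($n, 64),
        countCollisions('lockId32', $n), countCollisions('lockId64', $n)
    );
}
```

Two different keys that map to the same id share one advisory lock, so a collision shows up as unrelated resources blocking each other.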

@carsonbot

Hey, thanks for your report!
There has not been a lot of activity here for a while. Is this bug still relevant? Have you managed to find a workaround?
