<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Enclosed you will find an attached changeset that contains a suggested fix with key comparison and with the additional protection via crc32 completely removed.</p>
<p>Also tested on keys known to me that have md5 collisions (see below) - it works.</p>
<p><br />If someone needs a git version of it:</p>
<p><a href="https://github.com/sebres/nginx/pull/2">https://github.com/sebres/nginx/pull/2</a></p>
<p><br />Below you can find Tcl code to test strings (hex) that produce an md5 collision (with an example of one collision):</p>
<p><a href="https://github.com/sebres/misc/blob/tcl-test-hash-collision/tcl/hash-collision.tcl">https://github.com/sebres/misc/blob/tcl-test-hash-collision/tcl/hash-collision.tcl</a></p>
<p>Regards, <br />sebres.</p>
<p>On 10.09.2015 11:57, Sergey Brester wrote:</p>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px">
<pre>The patch doesn't sound bad at all, but I would also have removed the calculation and verification of crc32... It makes no sense if the keys are compared either way.

_______________________________________________
nginx-devel mailing list
<a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a>
</pre>
</blockquote>
</body></html>