How does Nginx look-up cached resource?
Sergey Brester
serg.brester at sebres.de
Thu Sep 10 12:53:52 UTC 2015
Enclosed you will find an attached changeset, that contains suggested
fix with keys comparison and completely removed additional protection
via crc32.
Tested also on known to me keys with md5 collisions (see below) - it
works.
If someone needs a git version of it:
https://github.com/sebres/nginx/pull/2 [2]
Below you can find a TCL-code to test strings (hex), that produce an md5
collision (with an example with one collision):
https://github.com/sebres/misc/blob/tcl-test-hash-collision/tcl/hash-collision.tcl
[3]
Regards,
sebres.
On 10.09.2015 11:57, Sergey Brester wrote:
> The patch sounds not bad at all, but I would have also removed the calculation and verification of crc32... Makes no sense, if either way the keys would be compared.
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel [1]
Links:
------
[1] http://mailman.nginx.org/mailman/listinfo/nginx-devel
[2] https://github.com/sebres/nginx/pull/2
[3]
https://github.com/sebres/misc/blob/tcl-test-hash-collision/tcl/hash-collision.tcl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150910/14dc5c17/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: _sb-secure-cache-fix.patch
Type: text/x-diff
Size: 5089 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150910/14dc5c17/attachment.bin>
More information about the nginx-devel
mailing list