forked from OISF/suricata-verify
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
datasets: add test to show hash collisions
Bug 7209
- Loading branch information
Showing
4 changed files
with
65,564 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
Test Description | ||
================ | ||
|
||
Datasets use a static DJB2 hash function to hash all types of datasets. These hashed | ||
datasets are stored in the THash API which has no randomization in place. As | ||
a result of this, the hash table can be exploited with a worst case time scenario of | ||
O(n) where n is the total number of entries in the table as a result of excessive chaining | ||
in a single row. | ||
|
||
The test shows that it takes excess time for the THash API to load the datasets from the file | ||
as many of them evaluate the exact same hash using the algorithm so this is not even the worst | ||
case scenario. With bigger dataset and lesser system specs/availability of resources, | ||
this can be worse. Note that it is not just about the number of datasets as there already | ||
does exist a test already that loads 1m+ datasets. | ||
|
||
Test data procured from: https://bugs.php.net/bug.php?id=70644 | ||
|
||
Redmine Ticket | ||
============== | ||
|
||
https://redmine.openinfosecfoundation.org/issues/7209 |
Oops, something went wrong.