Issue41004
Created on 2020-06-17 13:11 by nnewram, last changed 2020-08-04 02:35 by larry. This issue is now closed.
Pull Requests

| URL | Status | Linked |
|---|---|---|
| PR 20956 | open | svaddi, 2020-06-18 08:03 |
| PR 21033 | merged | rvteja92, 2020-06-21 18:57 |
| PR 21220 | merged | miss-islington, 2020-06-29 17:39 |
| PR 21221 | merged | miss-islington, 2020-06-29 17:39 |
| PR 21231 | merged | tapakund, 2020-06-30 07:52 |
| PR 21232 | merged | tapakund, 2020-06-30 08:25 |
| PR 21233 | merged | tapakund, 2020-06-30 09:42 |
| Messages (18) | |||
|---|---|---|---|
| msg371738 - (view) | Author: martin wennberg (nnewram) | Date: 2020-06-17 13:11 | |
In the ipaddress library there exist two classes IPv4Interface, and IPv6Interface. These classes' hash functions will always return 32 and 64 respectively. If IPv4Interface or IPv6Interface objects then are put in a dictionary, on for example a server storing IPs, this will cause hash collisions, which in turn can lead to DOS. The root of this is on line 1421 and 2095. On both lines, self._ip and self.network.network_address will both be the same, and when xor is applied they will cancel each other out, leaving return self._prefixlen. Since self._prefixlen is a constant, 32 and 64 respectively, this will lead to a constant hash. The fix is trivial, on line 1421, change to: return hash((self._ip, self._prefixlen, int(self.network.network_address))) and on line 2095, change to: return hash((self._ip, self._prefixlen, int(self.network.network_address))) |
|||
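The collapse described in the report above, reproduced as an added example (not part of the original issue or of the CPython patch). `legacy_hash`, `fixed_hash`, `distinct` and `runtime_is_patched` are hypothetical helper names, the addresses are constructed samples, and the second sample goes beyond the report's /32 case to show that interfaces sharing host bits and prefix length also collide across networks under the XOR formula.

```python
import ipaddress


def legacy_hash(iface):
    """Pre-fix formula: XOR of address, prefix length and network address."""
    return (int(iface.ip) ^ iface.network.prefixlen
            ^ int(iface.network.network_address))


def fixed_hash(iface):
    """Formula proposed in the report: hash a tuple of the same three fields."""
    return hash((int(iface.ip), iface.network.prefixlen,
                 int(iface.network.network_address)))


def distinct(hash_fn, ifaces):
    """Number of different hash values hash_fn produces over ifaces."""
    return len({hash_fn(i) for i in ifaces})


# Constructed sample: 256 host interfaces (/32), so ip == network address.
HOSTS = [ipaddress.IPv4Interface(f"198.51.100.{n}/32") for n in range(256)]

# Constructed sample: host part .5 in 256 different /24 networks.
# ip XOR network address leaves only the host bits (5), whatever the network.
SAME_HOST_PART = [ipaddress.IPv4Interface(f"10.0.{n}.5/24") for n in range(256)]


def runtime_is_patched():
    """True if the running interpreter's own __hash__ spreads the /32 hosts."""
    return distinct(hash, HOSTS) > 1


if __name__ == "__main__":
    for name, sample in (("/32 hosts", HOSTS), ("x.x.n.5/24", SAME_HOST_PART)):
        print(f"{name}: legacy={distinct(legacy_hash, sample)} distinct, "
              f"fixed={distinct(fixed_hash, sample)} distinct")
    print("running interpreter patched:", runtime_is_patched())
```

`runtime_is_patched()` can be used as a deployment check on interpreters whose patch level is unknown, since it exercises the interpreter's real `__hash__` rather than the reimplemented formulas.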
| msg371768 - (view) | Author: Eric V. Smith (eric.smith) * | Date: 2020-06-17 17:30 | |
Good catch. Your approach seems like a good one. |
|||
| msg371770 - (view) | Author: martin wennberg (nnewram) | Date: 2020-06-17 19:07 | |
Forgot to add, this applies to all versions, 3.10, 3.9, 3.8, 3.7, 3.6, 3.5 |
|||
| msg371793 - (view) | Author: Amir Mohamadi (Amir) * | Date: 2020-06-18 07:58 | |
Can I make a PR for this? |
|||
| msg371794 - (view) | Author: martin wennberg (nnewram) | Date: 2020-06-18 08:03 | |
Absolutely, go ahead Amir |
|||
| msg371882 - (view) | Author: Eric V. Smith (eric.smith) * | Date: 2020-06-19 13:10 | |
Changing versions to where the fix would be applied. |
|||
| msg372030 - (view) | Author: Ravi Teja P (rvteja92) * | Date: 2020-06-22 03:45 | |
Hi, I have raised a PR for this. But my CLA is yet to be updated (I have signed it). But to add the fix to the existing versions (3.8, 3.9 and 3.10), do I need to raise a PR for each of those branches? |
|||
| msg372031 - (view) | Author: Amir Mohamadi (Amir) * | Date: 2020-06-22 05:13 | |
No @rvteja92, you don't need to open multiple PRs, only make your changes on the master branch. For more information read this: https://devguide.python.org/ And for the CLA sign it will take a while to be updated. |
|||
| msg372515 - (view) | Author: Ravi Teja P (rvteja92) * | Date: 2020-06-28 12:47 | |
Hi, my CLA has been approved. Can someone review the PR? |
|||
| msg372606 - (view) | Author: Eric V. Smith (eric.smith) * | Date: 2020-06-29 17:39 | |
New changeset b30ee26e366bf509b7538d79bfec6c6d38d53f28 by Ravi Teja P in branch 'master': bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) https://github.com/python/cpython/commit/b30ee26e366bf509b7538d79bfec6c6d38d53f28 |
|||
| msg372611 - (view) | Author: miss-islington (miss-islington) | Date: 2020-06-29 18:12 | |
New changeset dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 by Miss Islington (bot) in branch '3.8': bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 |
|||
| msg372612 - (view) | Author: miss-islington (miss-islington) | Date: 2020-06-29 18:15 | |
New changeset 9a646aa82dfa62d70ca2a99ada901ee6cf9f82bd by Miss Islington (bot) in branch '3.9': bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) https://github.com/python/cpython/commit/9a646aa82dfa62d70ca2a99ada901ee6cf9f82bd |
|||
| msg372677 - (view) | Author: Eric V. Smith (eric.smith) * | Date: 2020-06-30 11:01 | |
Ned: what are your thoughts on backporting this as a security issue? https://nvd.nist.gov/vuln/detail?vulnId=CVE-2020-14422 |
|||
| msg372679 - (view) | Author: Dong-hee Na (corona10) * | Date: 2020-06-30 11:05 | |
> https://nvd.nist.gov/vuln/detail?vulnId=CVE-2020-14422

As Eric said, this issue is assigned CVE-2020-14422. I re-open PRs for 3.5 - 3.7 and am waiting for other core developers' guidance. I am +1 on merging these PRs as the security patch. |
|||
| msg372695 - (view) | Author: Ned Deily (ned.deily) * | Date: 2020-06-30 14:41 | |
A legitimate CVE should certainly be backported to all applicable releases, so, yes. However, I think that it is important for the CVE to be mentioned in the NEWS blurbs for each commit. So please update the NEWS items in each open PR to include the CVE. For master and 3.9 (if you hurry), you can update the original blurb file. For 3.8, the blurb file is in the process of being merged into the blurb for the release; for it, wait until the v3.8.4rc1 has been merged back into the main cpython repo and then update the merged blob, please. Thanks! |
|||
| msg372720 - (view) | Author: Ned Deily (ned.deily) * | Date: 2020-06-30 19:20 | |
New changeset b98e7790c77a4378ec4b1c71b84138cb930b69b7 by Tapas Kundu in branch '3.7': [3.7] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) (GH-21231) https://github.com/python/cpython/commit/b98e7790c77a4378ec4b1c71b84138cb930b69b7 |
|||
| msg372721 - (view) | Author: Ned Deily (ned.deily) * | Date: 2020-06-30 19:30 | |
New changeset cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 by Tapas Kundu in branch '3.6': [3.6] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) (GH-21232) https://github.com/python/cpython/commit/cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 |
|||
| msg374787 - (view) | Author: Larry Hastings (larry) * | Date: 2020-08-04 02:33 | |
New changeset 11d258ceafdf60ab3840f9a5700f2d0ad3e2e2d1 by Tapas Kundu in branch '3.5': [3.5] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) (#21233) https://github.com/python/cpython/commit/11d258ceafdf60ab3840f9a5700f2d0ad3e2e2d1 |
|||
History

| Date | User | Action | Args |
|---|---|---|---|
| 2020-08-04 02:35:49 | larry | set | status: open -> closed assignee: eric.smith -> |
| 2020-08-04 02:33:35 | larry | set | nosy: + larry messages: + msg374787 |
| 2020-07-11 01:21:40 | jcea | set | nosy: + jcea |
| 2020-07-09 14:09:45 | vstinner | set | title: Hash collisions in IPv4Interface and IPv6Interface -> [CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface |
| 2020-06-30 19:30:29 | ned.deily | set | messages: + msg372721 |
| 2020-06-30 19:20:25 | ned.deily | set | messages: + msg372720 |
| 2020-06-30 14:41:52 | ned.deily | set | messages: + msg372695 |
| 2020-06-30 11:05:26 | corona10 | set | nosy: + corona10 messages: + msg372679 |
| 2020-06-30 11:02:48 | corona10 | set | status: closed -> open versions: + Python 3.5, Python 3.6, Python 3.7 |
| 2020-06-30 11:01:31 | eric.smith | set | nosy: + ned.deily messages: + msg372677 |
| 2020-06-30 09:42:10 | tapakund | set | pull_requests: + pull_request20387 |
| 2020-06-30 08:25:02 | tapakund | set | pull_requests: + pull_request20386 |
| 2020-06-30 07:52:57 | tapakund | set | nosy: + tapakund pull_requests: + pull_request20385 |
| 2020-06-29 18:18:36 | eric.smith | set | status: open -> closed assignee: eric.smith resolution: fixed stage: patch review -> resolved |
| 2020-06-29 18:15:42 | miss-islington | set | messages: + msg372612 |
| 2020-06-29 18:12:59 | miss-islington | set | messages: + msg372611 |
| 2020-06-29 17:39:57 | miss-islington | set | pull_requests: + pull_request20373 |
| 2020-06-29 17:39:49 | miss-islington | set | nosy: + miss-islington pull_requests: + pull_request20372 |
| 2020-06-29 17:39:36 | eric.smith | set | messages: + msg372606 |
| 2020-06-28 12:47:18 | rvteja92 | set | messages: + msg372515 |
| 2020-06-23 14:43:54 | Beuc | set | nosy: + Beuc |
| 2020-06-22 05:13:36 | Amir | set | messages: + msg372031 |
| 2020-06-22 03:45:50 | rvteja92 | set | messages: + msg372030 |
| 2020-06-21 18:57:18 | rvteja92 | set | nosy: + rvteja92 pull_requests: + pull_request20204 |
| 2020-06-19 13:10:54 | eric.smith | set | messages: + msg371882 versions: - Python 3.5, Python 3.6, Python 3.7 |
| 2020-06-18 08:03:09 | svaddi | set | keywords: + patch nosy: + svaddi pull_requests: + pull_request20137 |
| 2020-06-18 08:03:05 | nnewram | set | messages: + msg371794 |
| 2020-06-18 07:58:42 | Amir | set | nosy: + Amir messages: + msg371793 |
| 2020-06-17 19:07:20 | nnewram | set | messages: + msg371770 versions: + Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9 |
| 2020-06-17 18:08:55 | nnewram | set | versions: + Python 3.10, - Python 3.8 |
| 2020-06-17 17:31:45 | eric.smith | set | keywords: + easy |
| 2020-06-17 17:30:06 | eric.smith | set | nosy: + eric.smith messages: + msg371768 |
| 2020-06-17 14:16:14 | nnewram | set | type: security |
| 2020-06-17 13:11:52 | nnewram | create | |