Comment 7 for bug 1036985

Revision history for this message
In , Guillaume Pernot (gpernot) wrote :

Created attachment 59
randomized hashmaps to prevent DOS attacks

hashmap are not randomized, so that it is possible to forge fake headers that will always go into the same bucket.
try 'curl http://78.230.4.96/hashes.asis' via tinyproxy and without it to convince you (~8 MB of headers). I'll remove this url as soon as bug is accepted...

attached patch should solve this. it's certainly perfectible, though (autoconf for time() and rand() are missing...).