$Id: 085_sessreg_implement_hostname_hashing.diff 689 2005-10-19 22:11:30Z dnusinow $ The sessreg program assumes that hostnames in utmp entries are unique in the last four characters. When two entries are "test:0" and "fist:0", for example, this assumption fails. Rectify this problem by hashing the entire hostname field from the utmp entry, so that we can tell unlike hostnames apart with much greater reliability. There is still a possiblility of one hash collision in 2^32. This patch by Maximiliano Curia and Damián Viano, using a public-domain hash algorithm by Bob Jenkins. Not submitted to XFree86. Index: sessreg/sessreg.c =================================================================== --- sessreg/sessreg.c.orig 2005-10-18 19:45:25.000000000 -0400 +++ sessreg/sessreg.c 2005-10-18 21:36:02.000000000 -0400 @@ -182,6 +182,18 @@ const char *host, Time_t date, int addp); #endif +#ifdef SYSV +/* used for hashing ut_id */ +typedef unsigned long int ub4; /* unsigned 4-byte quantities */ +typedef unsigned char ub1; /* unsigned 1-byte quantities */ + +#define hashsize(n) ((ub4)1<<(n)) +#define hashmask(n) (hashsize(n)-1) + +ub4 hash(register ub1 *k, register ub4 length, register ub4 initval); + +#endif + int wflag, uflag, lflag; char *wtmp_file, *utmp_file, *line; #ifdef USE_UTMPX @@ -469,21 +481,23 @@ bzero (u->ut_name, sizeof (u->ut_name)); #ifdef SYSV if (line) { - int i; /* - * this is a bit crufty, but - * follows the apparent conventions in - * the ttys file. ut_id is only 4 bytes - * long, and the last 4 bytes of the line - * name are written into it, left justified. + * The ut_id is 4 bytes long. We make a hash of the line + * received, preceding it by ":" to prevent clashing with + * other ut_ids. */ - i = strlen (line); - if (i >= sizeof (u->ut_id)) - i -= sizeof (u->ut_id); - else - i = 0; - (void) strncpy (u->ut_id, line + i, sizeof (u->ut_id)); + ub4 h; + u->ut_id[0]=':'; + h = hash(line, strlen(line),0x9e3779b9); + h = (h & hashmask((sizeof(u->ut_id)-sizeof(char))*8)); + (void) strncpy (u->ut_id + 1,(char *) &h, sizeof (u->ut_id)-sizeof(char)); } else + /* + * From utmp(5): + * Clearing ut_id may result in race conditions leading to corrupted + * utmp entries and and potential security holes. + */ + /* TODO: CHECK this */ bzero (u->ut_id, sizeof (u->ut_id)); if (addp) { u->ut_pid = getppid (); @@ -722,3 +736,129 @@ return freeslot; } #endif + +#ifdef SYSV +/* +-------------------------------------------------------------------- +mix -- mix 3 32-bit values reversibly. +For every delta with one or two bits set, and the deltas of all three + high bits or all three low bits, whether the original value of a,b,c + is almost all zero or is uniformly distributed, +* If mix() is run forward or backward, at least 32 bits in a,b,c + have at least 1/4 probability of changing. +* If mix() is run forward, every bit of c will change between 1/3 and + 2/3 of the time. (Well, 22/100 and 78/100 for some 2-bit deltas.) +mix() was built out of 36 single-cycle latency instructions in a + structure that could supported 2x parallelism, like so: + a -= b; + a -= c; x = (c>>13); + b -= c; a ^= x; + b -= a; x = (a<<8); + c -= a; b ^= x; + c -= b; x = (b>>13); + ... + Unfortunately, superscalar Pentiums and Sparcs can't take advantage + of that parallelism. They've also turned some of those single-cycle + latency instructions into multi-cycle latency instructions. Still, + this is the fastest good hash I could find. There were about 2^^68 + to choose from. I only looked at a billion or so. +-------------------------------------------------------------------- +*/ +#define mix(a,b,c) \ +{ \ + a -= b; a -= c; a ^= (c>>13); \ + b -= c; b -= a; b ^= (a<<8); \ + c -= a; c -= b; c ^= (b>>13); \ + a -= b; a -= c; a ^= (c>>12); \ + b -= c; b -= a; b ^= (a<<16); \ + c -= a; c -= b; c ^= (b>>5); \ + a -= b; a -= c; a ^= (c>>3); \ + b -= c; b -= a; b ^= (a<<10); \ + c -= a; c -= b; c ^= (b>>15); \ +} + +/* +-------------------------------------------------------------------- +hash() -- hash a variable-length key into a 32-bit value + k : the key (the unaligned variable-length array of bytes) + len : the length of the key, counting by bytes + initval : can be any 4-byte value +Returns a 32-bit value. Every bit of the key affects every bit of +the return value. Every 1-bit and 2-bit delta achieves avalanche. +About 6*len+35 instructions. + +The best hash table sizes are powers of 2. There is no need to do +mod a prime (mod is sooo slow!). If you need less than 32 bits, +use a bitmask. For example, if you need only 10 bits, do + h = (h & hashmask(10)); +In which case, the hash table should have hashsize(10) elements. + +If you are hashing n strings (ub1 **)k, do it like this: + for (i=0, h=0; i + Date: Thu, 27 May 2004 22:33:06 -0700 + To: Margarita Manterola + Subject: Re: Hash function + + The algorithm is public domain. I ask that I be referenced as the + source of the algorithm, but I can't enforce that, since being public + domain means I've reserved no rights at all. + +-- Branden Robinson, 2004-06-06] + +See http://burtleburtle.net/bob/hash/evahash.html +Use for hash table lookup, or anything where one collision in 2^^32 is +acceptable. Do NOT use for cryptographic purposes. +-------------------------------------------------------------------- +*/ + +ub4 +hash(register ub1 *k, register ub4 length, register ub4 initval) +{ + register ub4 a,b,c,len; + + /* Set up the internal state */ + len = length; + a = b = 0x9e3779b9; /* the golden ratio; an arbitrary value */ + c = initval; /* the previous hash value */ + + /*---------------------------------------- handle most of the key */ + while (len >= 12) + { + a += (k[0] +((ub4)k[1]<<8) +((ub4)k[2]<<16) +((ub4)k[3]<<24)); + b += (k[4] +((ub4)k[5]<<8) +((ub4)k[6]<<16) +((ub4)k[7]<<24)); + c += (k[8] +((ub4)k[9]<<8) +((ub4)k[10]<<16)+((ub4)k[11]<<24)); + mix(a,b,c); + k += 12; len -= 12; + } + + /*------------------------------------- handle the last 11 bytes */ + c += length; + switch(len) /* all the case statements fall through */ + { + case 11: c+=((ub4)k[10]<<24); + case 10: c+=((ub4)k[9]<<16); + case 9 : c+=((ub4)k[8]<<8); + /* the first byte of c is reserved for the length */ + case 8 : b+=((ub4)k[7]<<24); + case 7 : b+=((ub4)k[6]<<16); + case 6 : b+=((ub4)k[5]<<8); + case 5 : b+=k[4]; + case 4 : a+=((ub4)k[3]<<24); + case 3 : a+=((ub4)k[2]<<16); + case 2 : a+=((ub4)k[1]<<8); + case 1 : a+=k[0]; + /* case 0: nothing left to add */ + } + mix(a,b,c); + /*-------------------------------------------- report the result */ + return c; +} + +#endif