Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 3e632dc

Browse filesBrowse files
tapakundtapakund
committed
[3.5] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (pythonGH-21033)
The __hash__() methods of classes IPv4Interface and IPv6Interface had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of XOR operation (cherry picked from commit b30ee26) Co-authored-by: Ravi Teja P <rvteja92@gmail.com> Signed-off-by: Tapas Kundu <tkundu@vmware.com>
1 parent 09d8172 commit 3e632dc
Copy full SHA for 3e632dc

File tree

3 files changed

+14
-2
lines changed
Filter options

3 files changed

+14
-2
lines changed

‎Lib/ipaddress.py

Copy file name to clipboardExpand all lines: Lib/ipaddress.py
+2-2Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1418,7 +1418,7 @@ def __lt__(self, other):
14181418
return False
14191419

14201420
def __hash__(self):
1421-
return self._ip ^ self._prefixlen ^ int(self.network.network_address)
1421+
return hash((self._ip, self._prefixlen, int(self.network.network_address)))
14221422

14231423
__reduce__ = _IPAddressBase.__reduce__
14241424

@@ -2109,7 +2109,7 @@ def __lt__(self, other):
21092109
return False
21102110

21112111
def __hash__(self):
2112-
return self._ip ^ self._prefixlen ^ int(self.network.network_address)
2112+
return hash((self._ip, self._prefixlen, int(self.network.network_address)))
21132113

21142114
__reduce__ = _IPAddressBase.__reduce__
21152115

‎Lib/test/test_ipaddress.py

Copy file name to clipboardExpand all lines: Lib/test/test_ipaddress.py
+11Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1966,6 +1966,17 @@ def testsixtofour(self):
19661966
sixtofouraddr.sixtofour)
19671967
self.assertFalse(bad_addr.sixtofour)
19681968

1969+
# issue41004 Hash collisions in IPv4Interface and IPv6Interface
1970+
def testV4HashIsNotConstant(self):
1971+
ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")
1972+
ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")
1973+
self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())
1974+
1975+
# issue41004 Hash collisions in IPv4Interface and IPv6Interface
1976+
def testV6HashIsNotConstant(self):
1977+
ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")
1978+
ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")
1979+
self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())
19691980

19701981
if __name__ == '__main__':
19711982
unittest.main()

‎Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst

Copy file name to clipboard
+1Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.