You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently libsqsh uses a hashmap to cache deflated artifacts of the archive. This is prone to hash collisions and can exploited by well crafted squashfs archives to influence to both increase the time of search and memory usage.
The idea is to replace the hashmap with radix trees, which on its own would waste memory as we need a 1-byte resolution. What we can actually do is to use a combination of radix trees, that resolves only to the lower 8 kbyte and safe the rest of the data in a linked list. The actual parameters need to be tuned.
Radix trees have constant runtime behavior and in combination with linked list, the worst case is that we have a lookup time of O(log(n/r/m)+m), I guess. Which looks pretty okay. And more important is not prone to attacks.
The text was updated successfully, but these errors were encountered:
Currently libsqsh uses a hashmap to cache deflated artifacts of the archive. This is prone to hash collisions and can exploited by well crafted squashfs archives to influence to both increase the time of search and memory usage.
The idea is to replace the hashmap with radix trees, which on its own would waste memory as we need a 1-byte resolution. What we can actually do is to use a combination of radix trees, that resolves only to the lower 8 kbyte and safe the rest of the data in a linked list. The actual parameters need to be tuned.
Radix trees have constant runtime behavior and in combination with linked list, the worst case is that we have a lookup time of
O(log(n/r/m)+m)
, I guess. Which looks pretty okay. And more important is not prone to attacks.The text was updated successfully, but these errors were encountered: