Blame SOURCES/00352-resolve-hash-collisions-for-ipv4interface-and-ipv6interface.patch

d43968
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
d43968
From: Tapas Kundu <39723251+tapakund@users.noreply.github.com>
d43968
Date: Wed, 1 Jul 2020 01:00:22 +0530
d43968
Subject: [PATCH] 00352: Resolve hash collisions for IPv4Interface and
d43968
 IPv6Interface
d43968
d43968
CVE-2020-14422
d43968
The hash() methods of classes IPv4Interface and IPv6Interface had issue
d43968
of generating constant hash values of 32 and 128 respectively causing hash collisions.
d43968
The fix uses the hash() function to generate hash values for the objects
d43968
instead of XOR operation.
d43968
Fixed upstream: https://bugs.python.org/issue41004
d43968
---
d43968
 Lib/ipaddress.py                                      |  4 ++--
d43968
 Lib/test/test_ipaddress.py                            | 11 +++++++++++
d43968
 .../Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst |  1 +
d43968
 3 files changed, 14 insertions(+), 2 deletions(-)
d43968
 create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
d43968
d43968
diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
d43968
index 583f02ad54..98492136ca 100644
d43968
--- a/Lib/ipaddress.py
d43968
+++ b/Lib/ipaddress.py
d43968
@@ -1418,7 +1418,7 @@ class IPv4Interface(IPv4Address):
d43968
             return False
d43968
 
d43968
     def __hash__(self):
d43968
-        return self._ip ^ self._prefixlen ^ int(self.network.network_address)
d43968
+        return hash((self._ip, self._prefixlen, int(self.network.network_address)))
d43968
 
d43968
     __reduce__ = _IPAddressBase.__reduce__
d43968
 
d43968
@@ -2092,7 +2092,7 @@ class IPv6Interface(IPv6Address):
d43968
             return False
d43968
 
d43968
     def __hash__(self):
d43968
-        return self._ip ^ self._prefixlen ^ int(self.network.network_address)
d43968
+        return hash((self._ip, self._prefixlen, int(self.network.network_address)))
d43968
 
d43968
     __reduce__ = _IPAddressBase.__reduce__
d43968
 
d43968
diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
d43968
index 1cef4217bc..7de444af4a 100644
d43968
--- a/Lib/test/test_ipaddress.py
d43968
+++ b/Lib/test/test_ipaddress.py
d43968
@@ -1990,6 +1990,17 @@ class IpaddrUnitTest(unittest.TestCase):
d43968
                          sixtofouraddr.sixtofour)
d43968
         self.assertFalse(bad_addr.sixtofour)
d43968
 
d43968
+    # issue41004 Hash collisions in IPv4Interface and IPv6Interface
d43968
+    def testV4HashIsNotConstant(self):
d43968
+        ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")
d43968
+        ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")
d43968
+        self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())
d43968
+
d43968
+    # issue41004 Hash collisions in IPv4Interface and IPv6Interface
d43968
+    def testV6HashIsNotConstant(self):
d43968
+        ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")
d43968
+        ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")
d43968
+        self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())
d43968
 
d43968
 if __name__ == '__main__':
d43968
     unittest.main()
d43968
diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
d43968
new file mode 100644
d43968
index 0000000000..f5a9db52ff
d43968
--- /dev/null
d43968
+++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
d43968
@@ -0,0 +1 @@
d43968
+CVE-2020-14422: The __hash__() methods of  ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).