/* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0
* This MUST be done before any hash stores or fetches take place. */
{
- bool earlytaint = doing_taint(argc, argv, env);
- char *s = NULL;
-
- if (!earlytaint)
- s = PerlEnv_getenv("PERL_HASH_SEED");
+ char *s = PerlEnv_getenv("PERL_HASH_SEED");
if (s)
while (isSPACE(*s)) s++;
if (s && isDIGIT(*s))
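Review bot: Dropping the `if (!earlytaint)` guard means `PERL_HASH_SEED` is now read from the environment even when `doing_taint()` reports taint mode, so whoever controls the environment of a tainted run can pin the seed to a known value. The comment directly above names this block as the defence for [perl #22371], so the guard should either stay or its removal should be justified in that comment. If the intent is to let tests fix the seed under `-T`, say so there and consider limiting it to that case.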
=item PERL_HASH_SEED
-(Since Perl 5.8.1.)
-
-Used to randomise Perl's internal hash function. To emulate the
-pre-5.8.1 behaviour, set to an integer (zero means exactly the same
-order as 5.8.0). "Pre-5.8.1" means, among other things, that hash
-keys will be ordered the same between different runs of Perl.
+(Since Perl 5.8.1.) Used to randomise Perl's internal hash function.
+To emulate the pre-5.8.1 behaviour, set to an integer (zero means
+exactly the same order as 5.8.0). "Pre-5.8.1" means, among other
+things, that hash keys will be ordered the same between different runs
+of Perl.
The default behaviour is to randomise unless the PERL_HASH_SEED is set.
If Perl has been compiled with C<-DUSE_HASH_SEED_EXPLICIT>, the default
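Review bot: Missing documentation in the reflowed `PERL_HASH_SEED` paragraph: it still says nothing about taint mode, although the perl.c change in this patch makes the variable honoured there as well. Add a sentence stating that the variable is read under taint mode too, and that setting it to a fixed integer makes hash order repeatable between runs and therefore gives up the randomisation that the perlsec section referenced below relies on.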
If PERL_HASH_SEED is unset or set to a non-numeric string, Perl uses
the pseudorandom seed supplied by the operating system and libraries.
-If unset, each different run of Perl will have different ordering of
-the outputs of keys(), values(), and each().
+This means that each different run of Perl will have a different
+ordering of the results of keys(), values(), and each().
See L<perlsec/"Algorithmic Complexity Attacks"> for more information.
=item PERL_HASH_SEED_DEBUG
-Set to (anything) to display the value of the hash seed.
+(Since Perl 5.8.1.) Set to (anything) to display (to STDERR)
+the value of the hash seed at the beginning of execution.
=item PERL_ROOT (specific to the VMS port)
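Review bot: The new `PERL_HASH_SEED_DEBUG` text says the seed is displayed on STDERR at the beginning of execution but does not say that the printed value is what the randomisation is meant to keep unpredictable. Add a sentence that this is a debugging aid and should not be left set where STDERR ends up in logs that others can read. "Set to (anything)" is also ambiguous about whether an empty value counts, so spell that out.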