Do not obey PERL_HASH_SEED or PERL_HASH_SEED_DEBUG

if tainting-- but is this a good thing or a bad thing?
(At least it makes debugging lib/Hash/Util.t harder,
since it has, for no apparent good reason, -T: one must
make a copy of it without the -T.)

p4raw-id: //depot/perl@19861

diff --git a/perl.c b/perl.c
index f8c1153..a4487fb 100644 (file)
--- a/perl.c
+++ b/perl.c
@@ -278,7 +278,10 @@ perl_construct(pTHXx)
 #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
     /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 */
     {
-       char *s = PerlEnv_getenv("PERL_HASH_SEED");
+       char *s = NULL;
+
+       if (!PL_tainting)
+          s = PerlEnv_getenv("PERL_HASH_SEED");
        if (s)
            while (isSPACE(*s)) s++;
        if (s && isDIGIT(*s))
@@ -299,7 +302,7 @@ perl_construct(pTHXx)
 #endif /* RANDBITS < (UVSIZE * 8) */
        }
 #endif /* USE_HASH_SEED_EXPLICIT */
-       if ((s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG")))
+       if (!PL_tainting && (s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG")))
           PerlIO_printf(Perl_debug_log, "HASH_SEED = %"UVuf"\n",
                         PL_hash_seed);
     }