From: Jarkko Hietaniemi Date: Fri, 4 Jul 2003 08:33:32 +0000 (+0000) Subject: Remove PL_earlytaint since the hash seed code X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=b089116590f5bd8ca52e6ccd2a029c8fc0abb2ae;p=p5sagit%2Fp5-mst-13.2.git Remove PL_earlytaint since the hash seed code can be delayed until perl_parse(). p4raw-id: //depot/perl@19979 --- diff --git a/dosish.h b/dosish.h index 7a9e9c4..e606beb 100644 --- a/dosish.h +++ b/dosish.h @@ -16,7 +16,7 @@ #ifdef DJGPP # define BIT_BUCKET "nul" # define OP_BINARY O_BINARY -# define PERL_SYS_INIT(c,v) EARLY_INIT2(*c,*v) MALLOC_CHECK_TAINT2(*c,*v) Perl_DJGPP_init(c,v) +# define PERL_SYS_INIT(c,v) MALLOC_CHECK_TAINT2(*c,*v) Perl_DJGPP_init(c,v) # define init_os_extras Perl_init_os_extras # include # define HAS_UTIME @@ -29,15 +29,15 @@ # define PERL_FS_VER_FMT "%d_%d_%d" #else /* DJGPP */ # ifdef WIN32 -# define PERL_SYS_INIT(c,v) EARLY_INIT2(*c,*v) MALLOC_CHECK_TAINT2(*c,*v) Perl_win32_init(c,v) +# define PERL_SYS_INIT(c,v) MALLOC_CHECK_TAINT2(*c,*v) Perl_win32_init(c,v) # define PERL_SYS_TERM() Perl_win32_term() # define BIT_BUCKET "nul" # else # ifdef NETWARE -# define PERL_SYS_INIT(c,v) EARLY_INIT2(*c,*v) MALLOC_CHECK_TAINT2(*c,*v) Perl_nw5_init(c,v) +# define PERL_SYS_INIT(c,v) MALLOC_CHECK_TAINT2(*c,*v) Perl_nw5_init(c,v) # define BIT_BUCKET "nwnul" # else -# define PERL_SYS_INIT(c,v) EARLY_INIT2(*c,*v) MALLOC_CHECK_TAINT2(*c,*v) +# define PERL_SYS_INIT(c,v) MALLOC_CHECK_TAINT2(*c,*v) # define BIT_BUCKET "\\dev\\nul" /* "wanna be like, umm, Newlined, or somethin?" */ # endif /* NETWARE */ # endif diff --git a/embedvar.h b/embedvar.h index f2a44e1..dcb980a 100644 --- a/embedvar.h +++ b/embedvar.h @@ -897,7 +897,6 @@ #define PL_curinterp (PL_Vars.Gcurinterp) #define PL_do_undump (PL_Vars.Gdo_undump) #define PL_dollarzero_mutex (PL_Vars.Gdollarzero_mutex) -#define PL_earlytaint (PL_Vars.Gearlytaint) #define PL_hexdigit (PL_Vars.Ghexdigit) #define PL_malloc_mutex (PL_Vars.Gmalloc_mutex) #define PL_op_mutex (PL_Vars.Gop_mutex) @@ -912,7 +911,6 @@ #define PL_Gcurinterp PL_curinterp #define PL_Gdo_undump PL_do_undump #define PL_Gdollarzero_mutex PL_dollarzero_mutex -#define PL_Gearlytaint PL_earlytaint #define PL_Ghexdigit PL_hexdigit #define PL_Gmalloc_mutex PL_malloc_mutex #define PL_Gop_mutex PL_op_mutex diff --git a/epoc/epocish.h b/epoc/epocish.h index f7d3844..a971a8e 100644 --- a/epoc/epocish.h +++ b/epoc/epocish.h @@ -108,7 +108,7 @@ /* epocemx setenv bug workaround */ #ifndef PERL_SYS_INIT -# define PERL_SYS_INIT(c,v) EARLY_INIT2(*c,*v) MALLOC_CHECK_TAINT2(*c,*v) putenv(".dummy=foo"); putenv(".dummy"); MALLOC_INIT +# define PERL_SYS_INIT(c,v) MALLOC_CHECK_TAINT2(*c,*v) putenv(".dummy=foo"); putenv(".dummy"); MALLOC_INIT #endif #ifndef PERL_SYS_TERM diff --git a/mpeix/mpeixish.h b/mpeix/mpeixish.h index 2ed9faf..8fc055a 100644 --- a/mpeix/mpeixish.h +++ b/mpeix/mpeixish.h @@ -113,7 +113,7 @@ #define Mkdir(path,mode) mkdir((path),(mode)) #ifndef PERL_SYS_INIT -# define PERL_SYS_INIT(c,v) EARLY_INIT2(*c,*v) PERL_FPU_INIT MALLOC_INIT +# define PERL_SYS_INIT(c,v) PERL_FPU_INIT MALLOC_INIT #endif #ifndef PERL_SYS_TERM diff --git a/os2/os2ish.h b/os2/os2ish.h index 45e80b5..225d271 100644 --- a/os2/os2ish.h +++ b/os2/os2ish.h @@ -218,7 +218,6 @@ void Perl_OS2_term(void **excH, int exitstatus, int flags); # define PERL_SYS_INIT3(argcp, argvp, envp) \ { void *xreg[2]; \ - EARLY_INIT3(argcp, argvp, envp) \ MALLOC_CHECK_TAINT(*argcp, *argvp, *envp) \ _response(argcp, argvp); \ _wildcard(argcp, argvp); \ @@ -226,7 +225,6 @@ void Perl_OS2_term(void **excH, int exitstatus, int flags); # define PERL_SYS_INIT(argcp, argvp) { \ { void *xreg[2]; \ - EARLY_INIT2(argcp, argvp) \ _response(argcp, argvp); \ _wildcard(argcp, argvp); \ Perl_OS2_init3(NULL, xreg, 0) @@ -235,11 +233,9 @@ void Perl_OS2_term(void **excH, int exitstatus, int flags); # define PERL_SYS_INIT3(argcp, argvp, envp) \ { void *xreg[2]; \ - EARLY_INIT3(argcp, argvp, envp) \ Perl_OS2_init3(*envp, xreg, 0) # define PERL_SYS_INIT(argcp, argvp) { \ { void *xreg[2]; \ - EARLY_INIT2(argcp, argvp) \ Perl_OS2_init3(NULL, xreg, 0) #endif diff --git a/perl.c b/perl.c index 73f3273..abff27c 100644 --- a/perl.c +++ b/perl.c @@ -274,39 +274,6 @@ perl_construct(pTHXx) PL_stashcache = newHV(); -#if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT) - /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 */ - { - char *s = NULL; - - if (!PL_earlytaint) - s = PerlEnv_getenv("PERL_HASH_SEED"); - if (s) - while (isSPACE(*s)) s++; - if (s && isDIGIT(*s)) - PL_hash_seed = (UV)Atoul(s); -#ifndef USE_HASH_SEED_EXPLICIT - else { - /* Compute a random seed */ - (void)seedDrand01((Rand_seed_t)seed()); - PL_srand_called = TRUE; - PL_hash_seed = (UV)(Drand01() * (NV)UV_MAX); -#if RANDBITS < (UVSIZE * 8) - { - int skip = (UVSIZE * 8) - RANDBITS; - PL_hash_seed >>= skip; - /* The low bits might need extra help. */ - PL_hash_seed += (UV)(Drand01() * ((1 << skip) - 1)); - } -#endif /* RANDBITS < (UVSIZE * 8) */ - } -#endif /* USE_HASH_SEED_EXPLICIT */ - if (!PL_earlytaint && (s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG"))) - PerlIO_printf(Perl_debug_log, "HASH_SEED = %"UVuf"\n", - PL_hash_seed); - } -#endif /* #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT) */ - ENTER; } @@ -930,6 +897,41 @@ setuid perl scripts securely.\n"); #endif #endif +#if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT) + /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 + * This MUST be done before any hash stores or fetches take place. */ + { + bool earlytaint = doing_taint(argc, argv, env); + char *s = NULL; + + if (!earlytaint) + s = PerlEnv_getenv("PERL_HASH_SEED"); + if (s) + while (isSPACE(*s)) s++; + if (s && isDIGIT(*s)) + PL_hash_seed = (UV)Atoul(s); +#ifndef USE_HASH_SEED_EXPLICIT + else { + /* Compute a random seed */ + (void)seedDrand01((Rand_seed_t)seed()); + PL_srand_called = TRUE; + PL_hash_seed = (UV)(Drand01() * (NV)UV_MAX); +#if RANDBITS < (UVSIZE * 8) + { + int skip = (UVSIZE * 8) - RANDBITS; + PL_hash_seed >>= skip; + /* The low bits might need extra help. */ + PL_hash_seed += (UV)(Drand01() * ((1 << skip) - 1)); + } +#endif /* RANDBITS < (UVSIZE * 8) */ + } +#endif /* USE_HASH_SEED_EXPLICIT */ + if (!earlytaint && (s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG"))) + PerlIO_printf(Perl_debug_log, "HASH_SEED = %"UVuf"\n", + PL_hash_seed); + } +#endif /* #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT) */ + PL_origargc = argc; PL_origargv = argv; @@ -3432,8 +3434,7 @@ S_init_ids(pTHX) /* This is used very early in the lifetime of the program, * before even the options are parsed, so PL_tainting has - * not been initialized properly. The variable PL_earlytaint - * is set early in main() to the result of this function. */ + * not been initialized properly. */ bool Perl_doing_taint(int argc, char *argv[], char *envp[]) { diff --git a/perl.h b/perl.h index 8e35168..a361e0f 100644 --- a/perl.h +++ b/perl.h @@ -499,7 +499,7 @@ int usleep(unsigned int); panic_write2("panic: tainting with $ENV{PERL_MALLOC_OPT}\n");\ exit(1); }) # define MALLOC_CHECK_TAINT(argc,argv,env) STMT_START { \ - if (PL_earlytaint) { \ + if (doing_taint(argc,argv,env)) { \ MallocCfg_ptr[MallocCfg_skip_cfg_env] = 1; \ }} STMT_END; #else /* MYMALLOC */ @@ -1942,23 +1942,6 @@ typedef struct clone_params CLONE_PARAMS; # endif #endif -/* The PL_earlytaint is to be used instead PL_tainting before - * perl_parse() has had the chance to set up PL_tainting. */ - -#ifndef EARLY_INIT3 -# define EARLY_INIT3(argcp,argvp,envp) \ - STMT_START { \ - PL_earlytaint = doing_taint(argcp, argvp, envp); \ - } STMT_END; -#endif - -#ifndef EARLY_INIT2 -# define EARLY_INIT2(argcp,argvp) \ - STMT_START { \ - PL_earlytaint = doing_taint(argcp, argvp, 0); \ - } STMT_END; -#endif - #ifndef PERL_SYS_INIT3 # define PERL_SYS_INIT3(argvp,argcp,envp) PERL_SYS_INIT(argvp,argcp) #endif diff --git a/perlapi.h b/perlapi.h index 3686e6b..0f56a0a 100644 --- a/perlapi.h +++ b/perlapi.h @@ -934,8 +934,6 @@ END_EXTERN_C #define PL_do_undump (*Perl_Gdo_undump_ptr(NULL)) #undef PL_dollarzero_mutex #define PL_dollarzero_mutex (*Perl_Gdollarzero_mutex_ptr(NULL)) -#undef PL_earlytaint -#define PL_earlytaint (*Perl_Gearlytaint_ptr(NULL)) #undef PL_hexdigit #define PL_hexdigit (*Perl_Ghexdigit_ptr(NULL)) #undef PL_malloc_mutex diff --git a/perlvars.h b/perlvars.h index 27f76eb..abd2f3e 100644 --- a/perlvars.h +++ b/perlvars.h @@ -55,5 +55,3 @@ PERLVAR(Gdollarzero_mutex, perl_mutex) /* Modifying $0 */ /* This is constant on most architectures, a global on OS/2 */ PERLVARI(Gsh_path, char *, SH_PATH)/* full path of shell */ -PERLVAR(Gearlytaint, bool) /* Early warning for taint, before PL_tainting is set */ - diff --git a/plan9/plan9ish.h b/plan9/plan9ish.h index dd32f69..5c922cf 100644 --- a/plan9/plan9ish.h +++ b/plan9/plan9ish.h @@ -106,7 +106,7 @@ #define ABORT() kill(PerlProc_getpid(),SIGABRT); #define BIT_BUCKET "/dev/null" -#define PERL_SYS_INIT(c,v) EARLY_INIT2(*c,*v) MALLOC_CHECK_TAINT2(*c,*v) MALLOC_INIT +#define PERL_SYS_INIT(c,v) MALLOC_CHECK_TAINT2(*c,*v) MALLOC_INIT #define dXSUB_SYS #define PERL_SYS_TERM() MALLOC_TERM diff --git a/unixish.h b/unixish.h index 5994a83..4bf3709 100644 --- a/unixish.h +++ b/unixish.h @@ -129,7 +129,7 @@ #define Mkdir(path,mode) mkdir((path),(mode)) #ifndef PERL_SYS_INIT -# define PERL_SYS_INIT(c,v) EARLY_INIT2(*c,*v) MALLOC_CHECK_TAINT2(*c,*v) PERL_FPU_INIT MALLOC_INIT +# define PERL_SYS_INIT(c,v) MALLOC_CHECK_TAINT2(*c,*v) PERL_FPU_INIT MALLOC_INIT #endif #ifndef PERL_SYS_TERM diff --git a/vms/vmsish.h b/vms/vmsish.h index 1ab2df0..076a696 100644 --- a/vms/vmsish.h +++ b/vms/vmsish.h @@ -331,7 +331,7 @@ struct interp_intern { #endif #define BIT_BUCKET "_NLA0:" -#define PERL_SYS_INIT(c,v) EARLY_INIT2(*c,*v) MALLOC_CHECK_TAINT2(*c,*v) vms_image_init((c),(v)); MALLOC_INIT +#define PERL_SYS_INIT(c,v) MALLOC_CHECK_TAINT2(*c,*v) vms_image_init((c),(v)); MALLOC_INIT #define PERL_SYS_TERM() OP_REFCNT_TERM; MALLOC_TERM #define dXSUB_SYS #define HAS_KILL