From: Jarkko Hietaniemi Date: Fri, 27 Jun 2003 05:30:03 +0000 (+0000) Subject: Do not obey PERL_HASH_SEED or PERL_HASH_SEED_DEBUG X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=d0d2ba8fa784ab4c88f64ef679c2c1ff6203412a;p=p5sagit%2Fp5-mst-13.2.git Do not obey PERL_HASH_SEED or PERL_HASH_SEED_DEBUG if tainting-- but is this a good thing or a bad thing? (At least it makes debugging lib/Hash/Util.t harder, since it has, for no apparent good reason, -T: one must make a copy of it without the -T.) p4raw-id: //depot/perl@19861 --- diff --git a/perl.c b/perl.c index f8c1153..a4487fb 100644 --- a/perl.c +++ b/perl.c @@ -278,7 +278,10 @@ perl_construct(pTHXx) #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT) /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 */ { - char *s = PerlEnv_getenv("PERL_HASH_SEED"); + char *s = NULL; + + if (!PL_tainting) + s = PerlEnv_getenv("PERL_HASH_SEED"); if (s) while (isSPACE(*s)) s++; if (s && isDIGIT(*s)) @@ -299,7 +302,7 @@ perl_construct(pTHXx) #endif /* RANDBITS < (UVSIZE * 8) */ } #endif /* USE_HASH_SEED_EXPLICIT */ - if ((s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG"))) + if (!PL_tainting && (s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG"))) PerlIO_printf(Perl_debug_log, "HASH_SEED = %"UVuf"\n", PL_hash_seed); }