From: Jarkko Hietaniemi <jhi@iki.fi>
Date: Fri, 27 Jun 2003 05:30:03 +0000 (+0000)
Subject: Do not obey PERL_HASH_SEED or PERL_HASH_SEED_DEBUG
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=d0d2ba8fa784ab4c88f64ef679c2c1ff6203412a;p=p5sagit%2Fp5-mst-13.2.git

Do not obey PERL_HASH_SEED or PERL_HASH_SEED_DEBUG
if tainting-- but is this a good thing or a bad thing?
(At least it makes debugging lib/Hash/Util.t harder,
since it has, for no apparent good reason, -T: one must
make a copy of it without the -T.)

p4raw-id: //depot/perl@19861
---

diff --git a/perl.c b/perl.c
index f8c1153..a4487fb 100644
--- a/perl.c
+++ b/perl.c
@@ -278,7 +278,10 @@ perl_construct(pTHXx)
 #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
     /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 */
     {
-       char *s = PerlEnv_getenv("PERL_HASH_SEED");
+       char *s = NULL;
+
+       if (!PL_tainting)
+	   s = PerlEnv_getenv("PERL_HASH_SEED");
        if (s)
            while (isSPACE(*s)) s++;
        if (s && isDIGIT(*s))
@@ -299,7 +302,7 @@ perl_construct(pTHXx)
 #endif /* RANDBITS < (UVSIZE * 8) */
        }
 #endif /* USE_HASH_SEED_EXPLICIT */
-       if ((s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG")))
+       if (!PL_tainting && (s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG")))
 	   PerlIO_printf(Perl_debug_log, "HASH_SEED = %"UVuf"\n",
 			 PL_hash_seed);
     }