Change 19861 by [EMAIL PROTECTED] on 2003/06/27 05:30:03
Do not obey PERL_HASH_SEED or PERL_HASH_SEED_DEBUG
if tainting-- but is this a good thing or a bad thing?
(At least it makes debugging lib/Hash/Util.t harder,
since it has, for no apparent good reason, -T: one must
make a copy of it without the -T.)
Affected files ...
... //depot/perl/perl.c#489 edit
Differences ...
==== //depot/perl/perl.c#489 (text) ====
Index: perl/perl.c
--- perl/perl.c#488~19859~ Thu Jun 26 21:59:23 2003
+++ perl/perl.c Thu Jun 26 22:30:03 2003
@@ -278,7 +278,10 @@
#if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
/* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 */
{
- char *s = PerlEnv_getenv("PERL_HASH_SEED");
+ char *s = NULL;
+
+ if (!PL_tainting)
+ s = PerlEnv_getenv("PERL_HASH_SEED");
if (s)
while (isSPACE(*s)) s++;
if (s && isDIGIT(*s))
@@ -299,7 +302,7 @@
#endif /* RANDBITS < (UVSIZE * 8) */
}
#endif /* USE_HASH_SEED_EXPLICIT */
- if ((s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG")))
+ if (!PL_tainting && (s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG")))
PerlIO_printf(Perl_debug_log, "HASH_SEED = %"UVuf"\n",
PL_hash_seed);
}
End of Patch.
