Change 20146 by [EMAIL PROTECTED] on 2003/07/11 05:12:43
Integrate:
[ 20145]
I think the API for mod_perl v2 should be simply that
PL_modperl sets the PL_hash_seed (and PL_hash_seed_set)
itself, hopefully from a good source of random bits.
Affected files ...
... //depot/maint-5.8/perl/perl.c#46 integrate
Differences ...
==== //depot/maint-5.8/perl/perl.c#46 (text) ====
Index: perl/perl.c
--- perl/perl.c#45~20136~ Thu Jul 10 17:05:20 2003
+++ perl/perl.c Thu Jul 10 22:12:43 2003
@@ -1029,7 +1029,9 @@
#if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
/* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0
- * This MUST be done before any hash stores or fetches take place. */
+ * This MUST be done before any hash stores or fetches take place.
+ * If you set PL_hash_seed (and assumedly also PL_hash_seed_set) yourself,
+ * it is your responsibility to provide a good random seed! */
if (!PL_hash_seed_set)
PL_hash_seed = get_seed();
{
End of Patch.
