Change 20145 by [EMAIL PROTECTED] on 2003/07/11 05:07:09
I think the API for mod_perl v2 should be simply that
PL_modperl sets the PL_hash_seed (and PL_hash_seed_set)
itself, hopefully from a good source of random bits.
Affected files ...
... //depot/perl/perl.c#511 edit
Differences ...
==== //depot/perl/perl.c#511 (text) ====
Index: perl/perl.c
--- perl/perl.c#510~20135~ Thu Jul 10 17:03:33 2003
+++ perl/perl.c Thu Jul 10 22:07:09 2003
@@ -899,7 +899,9 @@
#if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
/* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0
- * This MUST be done before any hash stores or fetches take place. */
+ * This MUST be done before any hash stores or fetches take place.
+ * If you set PL_hash_seed (and assumedly also PL_hash_seed_set) yourself,
+ * it is your responsibility to provide a good random seed! */
if (!PL_hash_seed_set)
PL_hash_seed = get_seed();
{
End of Patch.
