Bite the bullet and apply the hash randomisation patch.

[perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 p4raw-id: //depot/perl@19854
author: Jarkko Hietaniemi <jhi@iki.fi> 2003-06-26 05:32:02 +0000
committer: Jarkko Hietaniemi <jhi@iki.fi> 2003-06-26 05:32:02 +0000
commit: 504f80c1f3625809f472c1ce21089fdae860d9fd (patch)
tree: cfeaae7da4b08f0f27798122ecbf4f1efba3b8cb /hv.h
parent: 14180c03bf5269934b197b82e34fd4696ad1053d (diff)
download: perl-504f80c1f3625809f472c1ce21089fdae860d9fd.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/hv.h b/hv.h
index 6a51ca40b2..c43fc57b2d 100644
--- a/hv.h
+++ b/hv.h
@@ -56,13 +56,20 @@ struct xpvhv {
  * (a) the hashed data being interpreted as "unsigned char" (new since 5.8,
  *     a "char" can be either signed or signed, depending on the compiler)
  * (b) catering for old code that uses a "char"
+ * The "hash seed" feature was added in Perl 5.8.1 to perturb the results
+ * to avoid "algorithmic complexity attacks".
  */
+#if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
+#   define PERL_HASH_SEED	PL_hash_seed
+#else
+#   define PERL_HASH_SEED	0
+#endif
 #define PERL_HASH(hash,str,len) \
      STMT_START	{ \
 	register const char *s_PeRlHaSh_tmp = str; \
 	register const unsigned char *s_PeRlHaSh = (const unsigned char *)s_PeRlHaSh_tmp; \
 	register I32 i_PeRlHaSh = len; \
-	register U32 hash_PeRlHaSh = 0; \
+	register U32 hash_PeRlHaSh = PERL_HASH_SEED; \
 	while (i_PeRlHaSh--) { \
 	    hash_PeRlHaSh += *s_PeRlHaSh++; \
 	    hash_PeRlHaSh += (hash_PeRlHaSh << 10); \
author	Jarkko Hietaniemi <jhi@iki.fi>	2003-06-26 05:32:02 +0000
committer	Jarkko Hietaniemi <jhi@iki.fi>	2003-06-26 05:32:02 +0000
commit	504f80c1f3625809f472c1ce21089fdae860d9fd (patch)
tree	cfeaae7da4b08f0f27798122ecbf4f1efba3b8cb /hv.h
parent	14180c03bf5269934b197b82e34fd4696ad1053d (diff)
download	perl-504f80c1f3625809f472c1ce21089fdae860d9fd.tar.gz