Do not obey PERL_HASH_SEED or PERL_HASH_SEED_DEBUG

if tainting-- but is this a good thing or a bad thing? (At least it makes debugging lib/Hash/Util.t harder, since it has, for no apparent good reason, -T: one must make a copy of it without the -T.) p4raw-id: //depot/perl@19861
author: Jarkko Hietaniemi <jhi@iki.fi> 2003-06-27 05:30:03 +0000
committer: Jarkko Hietaniemi <jhi@iki.fi> 2003-06-27 05:30:03 +0000
commit: d0d2ba8fa784ab4c88f64ef679c2c1ff6203412a (patch)
tree: fa575395f180ab629f8f807fd955448192e2aabb /perl.c
parent: 3debabd9ba8d62a4b7656b07d06b582de8063b12 (diff)
download: perl-d0d2ba8fa784ab4c88f64ef679c2c1ff6203412a.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/perl.c b/perl.c
index f8c1153c94..a4487fb109 100644
--- a/perl.c
+++ b/perl.c
@@ -278,7 +278,10 @@ perl_construct(pTHXx)
 #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
     /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 */
     {
-       char *s = PerlEnv_getenv("PERL_HASH_SEED");
+       char *s = NULL;
+
+       if (!PL_tainting)
+	   s = PerlEnv_getenv("PERL_HASH_SEED");
        if (s)
            while (isSPACE(*s)) s++;
        if (s && isDIGIT(*s))
@@ -299,7 +302,7 @@ perl_construct(pTHXx)
 #endif /* RANDBITS < (UVSIZE * 8) */
        }
 #endif /* USE_HASH_SEED_EXPLICIT */
-       if ((s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG")))
+       if (!PL_tainting && (s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG")))
 	   PerlIO_printf(Perl_debug_log, "HASH_SEED = %"UVuf"\n",
 			 PL_hash_seed);
     }
author	Jarkko Hietaniemi <jhi@iki.fi>	2003-06-27 05:30:03 +0000
committer	Jarkko Hietaniemi <jhi@iki.fi>	2003-06-27 05:30:03 +0000
commit	d0d2ba8fa784ab4c88f64ef679c2c1ff6203412a (patch)
tree	fa575395f180ab629f8f807fd955448192e2aabb /perl.c
parent	3debabd9ba8d62a4b7656b07d06b582de8063b12 (diff)
download	perl-d0d2ba8fa784ab4c88f64ef679c2c1ff6203412a.tar.gz