diff options
| author | Jarkko Hietaniemi <jhi@iki.fi> | 2003-07-11 00:03:33 +0000 |
|---|---|---|
| committer | Jarkko Hietaniemi <jhi@iki.fi> | 2003-07-11 00:03:33 +0000 |
| commit | bed601927f5ca7f54b544d9e5ce1f77461311b68 (patch) | |
| tree | 76f5d01619419491feebf3cfa159cb51489543cd /perl.c | |
| parent | 183c3da10ba46f0626790e1aa75f641397137480 (diff) | |
| download | perl-bed601927f5ca7f54b544d9e5ce1f77461311b68.tar.gz | |
Chicken out: the hash randomisation is not on by default.
We switch over to the explicit mode: in other words, if
the $ENV{PERL_HASH_SEED} is on, we randomise. Also, we
randomise only if PL_hash_seed_set is FALSE (this means
one can use PERL_HASH() before perl_run.) Also, since
now PERL_HASH_SEED is okay even under -T, all should be fine.
(Ha!)
p4raw-id: //depot/perl@20135
Diffstat (limited to 'perl.c')
| -rw-r--r-- | perl.c | 35 |
1 files changed, 11 insertions, 24 deletions
@@ -900,31 +900,18 @@ setuid perl scripts securely.\n"); #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT) /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 * This MUST be done before any hash stores or fetches take place. */ + if (!PL_hash_seed_set) + PL_hash_seed = get_seed(); { - char *s = PerlEnv_getenv("PERL_HASH_SEED"); - if (s) - while (isSPACE(*s)) s++; - if (s && isDIGIT(*s)) - PL_hash_seed = (UV)Atoul(s); -#ifndef USE_HASH_SEED_EXPLICIT - else { - /* Compute a random seed */ - (void)seedDrand01((Rand_seed_t)seed()); - PL_srand_called = TRUE; - PL_hash_seed = (UV)(Drand01() * (NV)UV_MAX); -#if RANDBITS < (UVSIZE * 8) - /* Since there are not enough randbits to to reach all - * the bits of a UV, the low bits might need extra - * help. Sum in another random number that will - * fill in the low bits. */ - PL_hash_seed += - (UV)(Drand01() * (NV)((1 << ((UVSIZE * 8 - RANDBITS))) - 1)); -#endif /* RANDBITS < (UVSIZE * 8) */ - } -#endif /* #ifndef USE_HASH_SEED_EXPLICIT */ - if ((s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG"))) - PerlIO_printf(Perl_debug_log, "HASH_SEED = %"UVuf"\n", - PL_hash_seed); + char *s = PerlEnv_getenv("PERL_HASH_SEED_DEBUG"); + + if (s) { + int i = atoi(s); + + if (i == 1) + PerlIO_printf(Perl_debug_log, "HASH_SEED = %"UVuf"\n", + PL_hash_seed); + } } #endif /* #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT) */ |