-rw-r--r-- | hv.h | 17 | ||||
-rw-r--r-- | perl.c | 3 |
2 files changed, 15 insertions, 5 deletions
@@ -56,13 +56,22 @@ struct xpvhv {
 * (a) the hashed data being interpreted as "unsigned char" (new since 5.8,
 * a "char" can be either signed or signed, depending on the compiler)
 * (b) catering for old code that uses a "char"
+ *
 * The "hash seed" feature was added in Perl 5.8.1 to perturb the results
 * to avoid "algorithmic complexity attacks".
+ *
+ * If USE_HASH_SEED is defined, hash randomisation is done by default
+ * If USE_HASH_SEED_EXPLICIT is defined, hash randomisation is done
+ * only if the environment variable PERL_HASH_SEED is set.
+ * For maximal control, one can define PERL_HASH_SEED.
+ * (see also erl.c:perl_parse()).
 */
-#if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
-# define PERL_HASH_SEED PL_hash_seed
-#else
-# define PERL_HASH_SEED 0
+#ifndef PERL_HASH_SEED
+# if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
+# define PERL_HASH_SEED PL_hash_seed
+# else
+# define PERL_HASH_SEED 0
+# endif
 #endif
 #define PERL_HASH(hash,str,len) \
 STMT_START { \
@@ -901,7 +901,8 @@ setuid perl scripts securely.\n");
 /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0
 * This MUST be done before any hash stores or fetches take place.
 * If you set PL_hash_seed (and assumedly also PL_hash_seed_set) yourself,
- * it is your responsibility to provide a good random seed! */
+ * it is your responsibility to provide a good random seed!
+ * You can also define PERL_HASH_SEED in compile time, see hv.h. */
 if (!PL_hash_seed_set)
 PL_hash_seed = get_hash_seed();
 { |
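Review bot: The new hv.h comment offers a compile-time `PERL_HASH_SEED` as "maximal control" without saying that the `#ifndef PERL_HASH_SEED` guard then makes the seed a fixed constant shared by every process running that build, which removes the per-run perturbation the paragraph above gives as the defence against algorithmic complexity attacks. I would add a line such as `* A compile-time PERL_HASH_SEED is a build-wide constant; prefer it only for reproducible testing.` and correct `erl.c:perl_parse()` to `perl.c:perl_parse()`. The comment also uses the name PERL_HASH_SEED for both the environment variable and the C macro, so saying "the C macro PERL_HASH_SEED" in the "maximal control" line would remove the ambiguity. The body of `PERL_HASH` continues outside the hunk, so how it consumes the seed is inferred from the define alone.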
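Review bot: The perl.c comment points to the compile-time `PERL_HASH_SEED` but does not say that `PL_hash_seed = get_hash_seed();` still runs in that configuration while hv.h no longer maps the macro to `PL_hash_seed`, so the runtime seed presumably has no effect on hashing. A sentence such as `* In that case PL_hash_seed is not used by PERL_HASH.` would keep readers from assuming the runtime seed still applies, and "in compile time" reads better as "at compile time". The enclosing function starts and ends outside the hunk, so whether anything else reads `PL_hash_seed` cannot be confirmed from here.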