mirror of
https://github.com/python/cpython.git
synced 2025-07-12 22:05:16 +00:00
Merge from 3.1: Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated. The environment variable PYTHONHASHSEED and the new command line flag -R control this behavior.
This commit is contained in:
commit
09a7c72cad
34 changed files with 676 additions and 162 deletions
|
@ -70,6 +70,7 @@ extern void _PyUnicode_Init(void);
|
|||
extern void _PyUnicode_Fini(void);
|
||||
extern int _PyLong_Init(void);
|
||||
extern void PyLong_Fini(void);
|
||||
extern void _PyRandom_Init(void);
|
||||
|
||||
#ifdef WITH_THREAD
|
||||
extern void _PyGILState_Init(PyInterpreterState *, PyThreadState *);
|
||||
|
@ -89,6 +90,7 @@ int Py_FrozenFlag; /* Needed by getpath.c */
|
|||
int Py_IgnoreEnvironmentFlag; /* e.g. PYTHONPATH, PYTHONHOME */
|
||||
int Py_NoUserSiteDirectory = 0; /* for -s and site.py */
|
||||
int Py_UnbufferedStdioFlag = 0; /* Unbuffered binary std{in,out,err} */
|
||||
int Py_HashRandomizationFlag = 0; /* for -R and PYTHONHASHSEED */
|
||||
|
||||
PyThreadState *_Py_Finalizing = NULL;
|
||||
|
||||
|
@ -207,6 +209,12 @@ Py_InitializeEx(int install_sigs)
|
|||
Py_OptimizeFlag = add_flag(Py_OptimizeFlag, p);
|
||||
if ((p = Py_GETENV("PYTHONDONTWRITEBYTECODE")) && *p != '\0')
|
||||
Py_DontWriteBytecodeFlag = add_flag(Py_DontWriteBytecodeFlag, p);
|
||||
/* The variable is only tested for existence here; _PyRandom_Init will
|
||||
check its value further. */
|
||||
if ((p = Py_GETENV("PYTHONHASHSEED")) && *p != '\0')
|
||||
Py_HashRandomizationFlag = add_flag(Py_HashRandomizationFlag, p);
|
||||
|
||||
_PyRandom_Init();
|
||||
|
||||
interp = PyInterpreterState_New();
|
||||
if (interp == NULL)
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue