diff options
| author | Georg Brandl <georg@python.org> | 2012-02-20 20:31:46 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2012-02-20 20:31:46 (GMT) |
| commit | 09a7c72cad48f568e0781541167cf9ea6a3f0760 (patch) | |
| tree | d925894bfc3662e33c03ff7b6b2c5e9e38749b73 /Modules/main.c | |
| parent | fee358b0df547e9451cfb0b3d25980e6cc7177cc (diff) | |
| parent | 2daf6ae2495c862adf8bc717bfe9964081ea0b10 (diff) | |
| download | cpython-09a7c72cad48f568e0781541167cf9ea6a3f0760.zip cpython-09a7c72cad48f568e0781541167cf9ea6a3f0760.tar.gz cpython-09a7c72cad48f568e0781541167cf9ea6a3f0760.tar.bz2 | |
Merge from 3.1: Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated.
The environment variable PYTHONHASHSEED and the new command line flag -R control this
behavior.
Diffstat (limited to 'Modules/main.c')
| -rw-r--r-- | Modules/main.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/Modules/main.c b/Modules/main.c index 5a985a5..ed84aa0 100644 --- a/Modules/main.c +++ b/Modules/main.c @@ -46,7 +46,7 @@ static wchar_t **orig_argv; static int orig_argc; /* command line options */ -#define BASE_OPTS L"bBc:dEhiJm:OqsStuvVW:xX:?" +#define BASE_OPTS L"bBc:dEhiJm:OqRsStuvVW:xX:?" #define PROGRAM_OPTS BASE_OPTS @@ -72,6 +72,9 @@ static char *usage_2 = "\ -O : optimize generated bytecode slightly; also PYTHONOPTIMIZE=x\n\ -OO : remove doc-strings in addition to the -O optimizations\n\ -q : don't print version and copyright messages on interactive startup\n\ +-R : use a pseudo-random salt to make hash() values of various types be\n\ + unpredictable between separate invocations of the interpreter, as\n\ + a defence against denial-of-service attacks\n\ -s : don't add user site directory to sys.path; also PYTHONNOUSERSITE\n\ -S : don't imply 'import site' on initialization\n\ "; @@ -99,8 +102,14 @@ static char *usage_5 = "PYTHONHOME : alternate <prefix> directory (or <prefix>%c<exec_prefix>).\n" " The default module search path uses %s.\n" "PYTHONCASEOK : ignore case in 'import' statements (Windows).\n" -"PYTHONIOENCODING: Encoding[:errors] used for stdin/stdout/stderr.\n" -; +"PYTHONIOENCODING: Encoding[:errors] used for stdin/stdout/stderr.\n\ +"; +static char *usage_6 = "\ +PYTHONHASHSEED: if this variable is set to ``random``, the effect is the same \n\ + as specifying the :option:`-R` option: a random value is used to seed the\n\ + hashes of str, bytes and datetime objects. It can also be set to an integer\n\ + in the range [0,4294967295] to get hash values with a predictable seed.\n\ +"; static int usage(int exitcode, wchar_t* program) @@ -116,6 +125,7 @@ usage(int exitcode, wchar_t* program) fputs(usage_3, f); fprintf(f, usage_4, DELIM); fprintf(f, usage_5, DELIM, PYTHONHOMEHELP); + fputs(usage_6, f); } #if defined(__VMS) if (exitcode == 0) { @@ -429,6 +439,10 @@ Py_Main(int argc, wchar_t **argv) Py_QuietFlag++; break; + case 'R': + Py_HashRandomizationFlag++; + break; + /* This space reserved for other options */ default: |