1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

buildtools:pidl: avoid hash randomisation in pidl

Like many languages, Perl uses has randomisation to prevent nasty
users using crafted values that hash to the same number to effect a
denial of service. This means the traversal order of perl HASH tables
is different every time.

The IDL handed to pidl is trusted, so we don't really need
randomisation, but we do want to be sure the build is the same every
time.

I am not aware of hash randomisation causing problems, but it seems
prudent to avoid it.

We do a similar thing with PYTHONHASHSEED for the entire build.

Thanks to Freexian and the Debian LTS project for sponsoring this work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2024-05-28 12:17:06 +12:00 committed by Douglas Bagnall
parent ea78a5ce83
commit 068b366709

View File

@ -81,7 +81,9 @@ def SAMBA_PIDL(bld, pname, source,
else:
cc = 'CC="%s"' % bld.CONFIG_GET("CC")
t = bld(rule='cd ${PIDL_LAUNCH_DIR} && %s%s %s ${PERL} ${PIDL} --quiet ${OPTIONS} --outputdir ${OUTPUTDIR} -- "${IDLSRC}"' % (pidl_dev, cpp, cc),
t = bld(rule=('cd ${PIDL_LAUNCH_DIR} && PERL_HASH_SEED=0 %s%s %s ${PERL} '
'${PIDL} --quiet ${OPTIONS} --outputdir ${OUTPUTDIR} -- "${IDLSRC}"' %
(pidl_dev, cpp, cc)),
ext_out = '.c',
before = 'c',
update_outputs = True,