$NetBSD: patch-CVE-2012-1150-Python_pythonrun.c,v 1.1 2012/03/25 09:09:05 tron Exp $ Fix for CVE-2012-1150 taken from here: http://hg.python.org/cpython/rev/6b7704fe1be1 --- Python/pythonrun.c.orig 2010-05-25 23:40:38.000000000 +0100 +++ Python/pythonrun.c 2012-03-25 09:51:50.000000000 +0100 @@ -67,6 +67,7 @@ static void call_ll_exitfuncs(void); extern void _PyUnicode_Init(void); extern void _PyUnicode_Fini(void); +extern void _PyRandom_Init(void); #ifdef WITH_THREAD extern void _PyGILState_Init(PyInterpreterState *, PyThreadState *); @@ -89,6 +90,7 @@ true divisions (which they will be in 2.3). */ int _Py_QnewFlag = 0; int Py_NoUserSiteDirectory = 0; /* for -s and site.py */ +int Py_HashRandomizationFlag = 0; /* for -R and PYTHONHASHSEED */ /* PyModule_GetWarningsModule is no longer necessary as of 2.6 since _warnings is builtin. This API should not be used. */ @@ -166,6 +168,12 @@ Py_OptimizeFlag = add_flag(Py_OptimizeFlag, p); if ((p = Py_GETENV("PYTHONDONTWRITEBYTECODE")) && *p != '\0') Py_DontWriteBytecodeFlag = add_flag(Py_DontWriteBytecodeFlag, p); + /* The variable is only tested for existence here; _PyRandom_Init will + check its value further. */ + if ((p = Py_GETENV("PYTHONHASHSEED")) && *p != '\0') + Py_HashRandomizationFlag = add_flag(Py_HashRandomizationFlag, p); + + _PyRandom_Init(); interp = PyInterpreterState_New(); if (interp == NULL)