From 98cc293f9050b3134dd3308f3efac1d3f4c13398 Mon Sep 17 00:00:00 2001 From: Man Zeng Date: Mon, 5 Jan 2026 22:04:56 +0800 Subject: [PATCH] Precompute string lengths in PerformRadiusTransaction Avoid repeated strlen() calls on 'passwd' and 'secret' strings by caching their lengths at function entry. This is a micro-optimization that reduces function call overhead in the password encryption and response verification loops. --- src/backend/libpq/auth.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 795bfed8d19..77a97224535 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -2954,6 +2954,8 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por radius_packet *receivepacket = &radius_recv_pack; void *radius_buffer = &radius_send_pack; void *receive_buffer = &radius_recv_pack; + size_t passwd_len = strlen(passwd); + size_t secret_len = strlen(secret); int32 service = pg_hton32(RADIUS_AUTHENTICATE_ONLY); uint8 *cryptvector; int encryptedpasswordlen; @@ -3018,9 +3020,9 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por * and then: e[i] = p[i] XOR MD5(secret + e[i-1]) for the following ones * (if necessary) */ - encryptedpasswordlen = ((strlen(passwd) + RADIUS_VECTOR_LENGTH - 1) / RADIUS_VECTOR_LENGTH) * RADIUS_VECTOR_LENGTH; - cryptvector = palloc(strlen(secret) + RADIUS_VECTOR_LENGTH); - memcpy(cryptvector, secret, strlen(secret)); + encryptedpasswordlen = ((passwd_len + RADIUS_VECTOR_LENGTH - 1) / RADIUS_VECTOR_LENGTH) * RADIUS_VECTOR_LENGTH; + cryptvector = palloc(secret_len + RADIUS_VECTOR_LENGTH); + memcpy(cryptvector, secret, secret_len); /* for the first iteration, we use the Request Authenticator vector */ md5trailer = packet->vector; @@ -3028,7 +3030,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por { const char *errstr = NULL; - memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH); + memcpy(cryptvector + secret_len, md5trailer, RADIUS_VECTOR_LENGTH); /* * .. and for subsequent iterations the result of the previous XOR @@ -3036,7 +3038,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por */ md5trailer = encryptedpassword + i; - if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH, + if (!pg_md5_binary(cryptvector, secret_len + RADIUS_VECTOR_LENGTH, encryptedpassword + i, &errstr)) { ereport(LOG, @@ -3049,7 +3051,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por for (j = i; j < i + RADIUS_VECTOR_LENGTH; j++) { - if (j < strlen(passwd)) + if (j < passwd_len) encryptedpassword[j] = passwd[j] ^ encryptedpassword[j]; else encryptedpassword[j] = '\0' ^ encryptedpassword[j]; @@ -3216,7 +3218,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por * Verify the response authenticator, which is calculated as * MD5(Code+ID+Length+RequestAuthenticator+Attributes+Secret) */ - cryptvector = palloc(packetlength + strlen(secret)); + cryptvector = palloc(packetlength + secret_len); memcpy(cryptvector, receivepacket, 4); /* code+id+length */ memcpy(cryptvector + 4, packet->vector, RADIUS_VECTOR_LENGTH); /* request @@ -3227,10 +3229,10 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por memcpy(cryptvector + RADIUS_HEADER_LENGTH, (char *) receive_buffer + RADIUS_HEADER_LENGTH, packetlength - RADIUS_HEADER_LENGTH); - memcpy(cryptvector + packetlength, secret, strlen(secret)); + memcpy(cryptvector + packetlength, secret, secret_len); if (!pg_md5_binary(cryptvector, - packetlength + strlen(secret), + packetlength + secret_len, encryptedpassword, &errstr)) { ereport(LOG, -- 2.45.2