Re: [HACKERS] The Axe list

Sun, 12 Oct 2008 07:41:48 -0700 

On Sun, 12 Oct 2008 12:57:58 +0300
"Marko Kreen" <[EMAIL PROTECTED]> wrote:
> On 10/11/08, D'Arcy J.M. Cain <[EMAIL PROTECTED]> wrote:
> >  +   if (!random_initialized)
> >  +   {
> >  +       srandom((unsigned int) time(NULL));
> >  +       random_initialized = true;
> >  +   }
> 
> This is bad idea, postgres already does srandom()

Is that new?  I added that to my local version at one time because I
was getting the same salt every time I ran it.

> >  -                                * but I like to play safe */
> >  +   mysalt[2] = 0;              /* technically the terminator is not
> >  +                                * necessary but I like to play safe */
> >     strcpy(result->password, crypt(str, mysalt));
> >     PG_RETURN_POINTER(result);
> >   }
> 
> Comment change only?  Ok.

If that turns out to be the only change I won't bother.

> >  +   if ((result = (char *) palloc(16)) != NULL)
> >  +   {
> >  +       result[0] = ':';
> >  +       strcpy(result + 1, password->password);
> >  +   }
> 
> AFAIK palloc() cannot return NULL?

Really?  My program will simply come crashing down if there is a memory
problem without giving me a chance to clean up?

> >  +   if (!a1 || !a2)
> >  +       PG_RETURN_BOOL(0);
> >  +
> >     text_to_cstring_buffer(a2, str, sizeof(str));
> >     PG_RETURN_BOOL(strcmp(a1->password, crypt(str, a1->password)) == 0);
> >   }
> >  @@ -154,6 +166,9 @@ chkpass_ne(PG_FUNCTION_ARGS)
> >     text       *a2 = PG_GETARG_TEXT_PP(1);
> >     char        str[9];
> >
> >  +   if (!a1 || !a2)
> >  +       PG_RETURN_BOOL(0);
> >  +
> >     text_to_cstring_buffer(a2, str, sizeof(str));
> >     PG_RETURN_BOOL(strcmp(a1->password, crypt(str, a1->password)) != 0);
> >
> >  }
> 
> The functions are already defined as STRICT, so unnecessary.
> Also returning non-NULL on NULL input seems to go against SQL style.

I'm a belt and suspenders guy.  However, I agree that this is
unneccessary.  So, I guess I just need to know, how long has PG been
doing srandom().


-- 
D'Arcy J.M. Cain <[EMAIL PROTECTED]>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to