Thread

  1. Re: The Axe list

    D'Arcy Cain <darcy@druid.net> — 2008-10-12T14:41:21Z

    On Sun, 12 Oct 2008 12:57:58 +0300
    "Marko Kreen" <markokr@gmail.com> wrote:
    > On 10/11/08, D'Arcy J.M. Cain <darcy@druid.net> wrote:
    > >  +   if (!random_initialized)
    > >  +   {
    > >  +       srandom((unsigned int) time(NULL));
    > >  +       random_initialized = true;
    > >  +   }
    > 
    > This is bad idea, postgres already does srandom()
    
    Is that new?  I added that to my local version at one time because I
    was getting the same salt every time I ran it.
    
    > >  -                                * but I like to play safe */
    > >  +   mysalt[2] = 0;              /* technically the terminator is not
    > >  +                                * necessary but I like to play safe */
    > >     strcpy(result->password, crypt(str, mysalt));
    > >     PG_RETURN_POINTER(result);
    > >   }
    > 
    > Comment change only?  Ok.
    
    If that turns out to be the only change I won't bother.
    
    > >  +   if ((result = (char *) palloc(16)) != NULL)
    > >  +   {
    > >  +       result[0] = ':';
    > >  +       strcpy(result + 1, password->password);
    > >  +   }
    > 
    > AFAIK palloc() cannot return NULL?
    
    Really?  My program will simply come crashing down if there is a memory
    problem without giving me a chance to clean up?
    
    > >  +   if (!a1 || !a2)
    > >  +       PG_RETURN_BOOL(0);
    > >  +
    > >     text_to_cstring_buffer(a2, str, sizeof(str));
    > >     PG_RETURN_BOOL(strcmp(a1->password, crypt(str, a1->password)) == 0);
    > >   }
    > >  @@ -154,6 +166,9 @@ chkpass_ne(PG_FUNCTION_ARGS)
    > >     text       *a2 = PG_GETARG_TEXT_PP(1);
    > >     char        str[9];
    > >
    > >  +   if (!a1 || !a2)
    > >  +       PG_RETURN_BOOL(0);
    > >  +
    > >     text_to_cstring_buffer(a2, str, sizeof(str));
    > >     PG_RETURN_BOOL(strcmp(a1->password, crypt(str, a1->password)) != 0);
    > >
    > >  }
    > 
    > The functions are already defined as STRICT, so unnecessary.
    > Also returning non-NULL on NULL input seems to go against SQL style.
    
    I'm a belt and suspenders guy.  However, I agree that this is
    unneccessary.  So, I guess I just need to know, how long has PG been
    doing srandom().
    
    
    -- 
    D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
    http://www.druid.net/darcy/                |  and a sheep voting on
    +1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.