[tpop3d-discuss] quick question
Chris Lightfoot
chris at ex-parrot.com
Thu, 21 Jun 2001 23:50:14 +0100
On Thu, Jun 21, 2001 at 02:18:21PM -0700, Nancy Pettigrew (work) wrote:
> Hi -
>
> I need to modify the auth_mysql.c to suit different authentication tables,
> so I've been perusing the auth_mysql_new_user_pass function in auth_mysql.c.
> Just curious about 1 line of code right now, line 446:
> query = (char*)malloc(l = (sizeof(user_pass_query_template) +
> strlen(user) * 2 + 1 + 34));
> Just curious as to the origin of the * 2 + 1 + 34 in the malloc - why those
> numbers, specifically?
char user_pass_query_template[] =
"SELECT domain.path, popbox.mbox_name, popbox.password_hash, domain.unix_user "
"FROM popbox, domain "
"WHERE popbox.local_part = '%s' "
"AND popbox.domain_name = '%s' "
"AND popbox.domain_name = domain.domain_name";
authcontext auth_mysql_new_user_pass(const char *user, const char *pass) {
/* ... */
query = (char*)malloc(l = (sizeof(user_pass_query_template) + strlen(user) * 2 + 1 + 34));
sizeof(user_pass_query_template) -- obvious; the fixed
part of the query, plus the terminating \0;
strlen(user) * 2 -- enough space for the username, if
every character has to be escaped;
1 -- an extra byte (probably there in case I'd miscounted
a terminating \0 ;) )
34 -- an extra 34 bytes to make the computer feel good. In
previous versions, the select statement was like
SELECT ... WHERE local_part = '%s' AND password_hash = '%s' AND ...
because the only sort of password hash supported was a
straight MD5 hex hash; hence, another 32 byte + 2 * "'"
was needed for this bit of the query.
So, it wastes (but then frees) an extra 34 bytes for each
query. Well spotted :)
--
Chris Lightfoot -- www.ex-parrot.com/~chris/
``Do we really need two North Dakotas?
I mean, we already have South Dakota as an emergency spare.'' (Scott Adams)