[tpop3d-discuss] quick question

[Chris Lightfoot]

On Thu, Jun 21, 2001 at 02:18:21PM -0700, Nancy Pettigrew (work) wrote:
> Hi -
> 
> I need to modify the auth_mysql.c to suit different authentication tables,
> so I've been perusing the auth_mysql_new_user_pass function in auth_mysql.c.
> Just curious about 1 line of code right now, line 446:
>     query = (char*)malloc(l = (sizeof(user_pass_query_template) +
> strlen(user) * 2 + 1 + 34));
> Just curious as to the origin of the * 2 + 1 + 34 in the malloc - why those
> numbers, specifically?


char user_pass_query_template[] =
    "SELECT domain.path, popbox.mbox_name, popbox.password_hash, domain.unix_user "
      "FROM popbox, domain "
     "WHERE popbox.local_part = '%s' "
       "AND popbox.domain_name = '%s' "
       "AND popbox.domain_name = domain.domain_name";
authcontext auth_mysql_new_user_pass(const char *user, const char *pass) {

        /* ... */

    query = (char*)malloc(l = (sizeof(user_pass_query_template) + strlen(user) * 2 + 1 + 34));


sizeof(user_pass_query_template) -- obvious; the fixed
part of the query, plus the terminating \0;

strlen(user) * 2 -- enough space for the username, if
every character has to be escaped;

1 -- an extra byte (probably there in case I'd miscounted
a terminating \0 ;) )

34 -- an extra 34 bytes to make the computer feel good. In
previous versions, the select statement was like

SELECT ... WHERE local_part = '%s' AND password_hash = '%s' AND ...

because the only sort of password hash supported was a
straight MD5 hex hash; hence, another 32 byte + 2 * "'"
was needed for this bit of the query.

So, it wastes (but then frees) an extra 34 bytes for each
query. Well spotted :)


-- 
Chris Lightfoot -- www.ex-parrot.com/~chris/
 ``Do we really need two North Dakotas?
   I mean, we already have South Dakota as an emergency spare.'' (Scott Adams)