From: Kristofer Pettersson
Date: October 10 2012 1:44pm
Subject: bzr push into mysql-trunk branch (kristofer.pettersson:4701 to 4702)
List-Archive: http://lists.mysql.com/commits/145012
Message-Id: <20121010134451.15300.33191.4702@ghost>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 4702 Kristofer Pettersson 2012-10-10 [merge]
      auto merge 5.6->trunk

    modified:
      sql/password.c
 4701 Bjorn Munch 2012-10-10 [merge]
      Upmerge WL 6055 followup 5.6 -> trunk

    removed:
      support-files/my-huge.cnf.sh
      support-files/my-innodb-heavy-4G.cnf.sh
      support-files/my-large.cnf.sh
      support-files/my-medium.cnf.sh
      support-files/my-small.cnf.sh
    added:
      support-files/my-default.cnf.sh

=== modified file 'sql/password.c' --- a/sql/password.c 2012-06-28 13:48:07 +0000 +++ b/sql/password.c 2012-10-10 10:12:58 +0000 
@@ -291,20 +291,29 @@ void make_password_from_salt_323(char *t */ /** - Generate string of printable random characters of requested length. + Generate string of printable pseudo random characters of requested length. - @param to[out] Buffer for generation; must be at least length+1 bytes + @param to[out] Buffer for generation; must be at least length+1 bytes long; result string is always null-terminated - length[in] How many random characters to put in buffer - rand_st Structure used for number generation + @param length[in] How many random characters to put in buffer + @param rand_st Structure used for number generation + + @note This function is restricted for use with + native_password_authenticate() because of security reasons. + + DON'T RELY ON THIS FUNCTION FOR A UNIFORMLY DISTRIBUTION OF BITS! + */ void create_random_string(char *to, uint length, struct rand_struct *rand_st) { char *end= to + length; - /* Use pointer arithmetics as it is faster way to do so. */ + /* + Warning: my_rnd() is a fast prng, but it doesn't necessarily have a uniform + distribution. + */ for (; to < end; to++) - *to= (char) (my_rnd_ssl(rand_st) * 94 + 33); + *to= (char) (my_rnd(rand_st) * 94 + 33); *to= '\0'; } No bundle (reason: useless for push emails).
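Review bot: In create_random_string(), the loop now calls my_rnd() where it called my_rnd_ssl(), a generator the new comment itself describes as fast but not necessarily uniform, and neither the comment nor the commit message ("auto merge 5.6->trunk") says why the switch is needed. The added @note restricts the function to native_password_authenticate() "because of security reasons", but that restriction exists only as a comment: the signature is unchanged and nothing in the visible lines prevents another caller from using this function where unpredictable output is required. Suggest stating the reason for the change, naming the function callers should use instead when they need strong randomness, and enforcing the restriction in code (for example by narrowing the function's visibility or giving it a name that signals the limitation) rather than by documentation alone. Both warnings talk only about distribution; if the actual concern is that the output is predictable, the comment should say so directly. Minor: "A UNIFORMLY DISTRIBUTION OF BITS" should read "A UNIFORM DISTRIBUTION OF BITS", and since the function emits printable characters computed as my_rnd(rand_st) * 94 + 33, "characters" would be more accurate than "bits".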