
Shlomi Fish (918)

Shlomi Fish
  shlomif@iglu.org.il
http://www.shlomifish.org/
AOL IM: ShlomiFish
Yahoo! ID: shlomif2
Jabber: ShlomiFish@jabber.org

I'm a hacker of Perl, C, Shell, and occasionally other languages. Perl is my favourite language by far. I'm a member of the Israeli Perl Mongers, and contribute to and advocate open-source technologies. Technorati Profile [technorati.com]

Journal of Shlomi Fish (918)

Sunday June 18, 2006
12:48 PM

Bugzilla and srand()

[ #29944 ]

We didn't have a bugtracker at work, and since we needed it pretty badly, I volunteered to install bugzilla. After I got the root password, I was able to start the installation.

I downloaded Bugzilla 2.22, which is the latest stable version, and read the QUICKSTART guide. I ran checksetup.pl repeatedly to look for uninstalled CPAN modules, and installed them using Ovid (the CPAN-to-RPM gateway, not Curtis "Ovid" Poe) and rpm. Then I set up a database.

I encountered a problem where Apache just displayed the code of the CGI scripts instead of running them. This was resolved by uncommenting an Apache directive in httpd.conf (it was pointed out in the QUICKSTART guide, but I assumed it was OK on our server). Then I tried to log in with the password of the admin account. It did not work.

I changed the password; it did not work again. So I had to investigate. Turns out that the code for crypting the password is the following:

    my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/');
    my $salt = '';
    for ( my $i=0 ; $i < 8 ; ++$i ) {
        $salt .= $saltchars[rand(64)];
    }
    my $cryptedpassword = crypt($password, $salt);

Now the rand() call is interesting. If we want it to be deterministic, then either srand() should be called previously or we can assume it will yield the same values on each invocation of Perl.

However, this happens:

    $ perl -le 'print int(rand(10))'
    8
    $ perl -le 'print int(rand(10))'
    5

And a grep for srand() on the bugzilla code yielded no result.

I added a call to srand() at the beginning of the module with a number I chose, and then it worked.

I wonder why the call to srand() is absent, and its need is not documented anywhere. There are also other possible problems with the portability of rand() and crypt(). In order to not completely slander Bugzilla here, I'd like to add that except for the srand() issue, setting up Bugzilla was very straightforward, and starting to administrate the bugs database was also a very pleasant experience. It truly is a fine, powerful and easy to use and set up product.

I recall that in the early DOS and XT-ROM versions of BASIC, the random number generator generated the same numbers on every invocation. Maybe that was also the case for perl5, but it obviously no longer is, so I wonder how come Bugzilla was not adapted yet.

And BTW, in case you're not monitoring Gabor Szabo's journal or the perl-qa mailing, you should check out this entry in his journal about slides for software testing with Perl.
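
An added example, not part of the original post and not Bugzilla's own code: the quoted salt loop next to a crypt() check that passes the stored hash back as the salt, followed by what a fixed srand() seed does to the salts. The helpers make_salt, hash_password and check_password, the sample password and the seed value are assumptions, as is a platform crypt(3) that accepts traditional salts.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same alphabet and length as the salt loop quoted in the post.
my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/');

sub make_salt {
    return join '', map { $saltchars[rand @saltchars] } 1 .. 8;
}

# Hypothetical helper: hash a new password with a fresh salt.
sub hash_password {
    my ($password) = @_;
    my $hash = crypt($password, make_salt());
    # Some platforms disable traditional crypt(3) salts and return
    # undef or a short failure token instead of a hash.
    die "crypt() rejected this salt format on this platform\n"
        unless defined $hash && length $hash > 2;
    return $hash;
}

# Hypothetical helper: the stored hash carries its own salt, so it is
# passed back to crypt() as the salt argument when checking a login.
sub check_password {
    my ($candidate, $stored) = @_;
    my $hash = crypt($candidate, $stored);
    return (defined $hash && $hash eq $stored) ? 1 : 0;
}

# Constructed sample password.
my $password = 'correct horse';

# 1. No explicit seed: salts come from rand(), and the check still passes
#    because it never regenerates the salt.
my ($h1, $h2) = (hash_password($password), hash_password($password));
printf "stored hashes : %s %s\n", $h1, $h2;
printf "right password: %d %d\n",
    check_password($password, $h1), check_password($password, $h2);
printf "wrong password: %d\n", check_password('wrong', $h1);

# 2. Fixed seed: the generator restarts from the same state, so the salt
#    (and the hash of any given password) repeats across accounts.
srand(12345); my $s1 = make_salt();
srand(12345); my $s2 = make_salt();
printf "fixed seed    : %s %s (%s)\n",
    $s1, $s2, $s1 eq $s2 ? 'identical' : 'different';
```

perldoc -f rand notes that rand() is not cryptographically secure, so the loop above mirrors the quoted code rather than recommending it for new salts.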

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • On modern perls at least, rand() will call srand() if it hasn't been called before.

    My perldoc -f srand says:
    If srand() is not called explicitly, it is called implicitly at the first use of the "rand" operator. However, this was not the case in versions of Perl before 5.004, so if your script will run under older Perl versions, it should call "srand".
  • Bugzilla is a hole-ridden hackfest that gives Perl a bad name. Try RT [bestpractical.com] instead; if non-Perl systems aren’t a problem, be sure to check out Trac [edgewall.com].