Vulnerability Development: Re: Is there a hidden channel in X authentication?

From: Matt Conover <shok_at_camel.ethereal.net>
Date: Thu, 17 May 2001 15:08:02 -0700 (PDT)

> However, at least one X server uses the memcmp() library function to
> compare the stored cookie with the cookie sent by the client. This function
> is optimized for speed. In particular, the execution time of memcmp()
> is proportional to the position of the first non-matching byte in the two
> cookies.

Well, to a degree it does. Obviously it affects all sequential byte
comparisons. However, whether you can accurately detect it or not depends
on a lot of things. If you were trying to run this against a computer on
another network, the network congestion could easily mislead you, given
that comparing a key with 13 of the 16 bytes accurate vs. 1 of 16 bytes
accurate only differs by a few microseconds. If there are a few
microseconds of inconsistency from network congestion, your results will
be misleading.

With that said, if you were on a reliable LAN and the target computer
wasn't running other processes that could steal CPU time between system
calls and give misleading results, there are a few microseconds of
difference, as the following code shows:

#include <stdio.h>
#include <string.h>
#include <sys/time.h>

/* 15 literal bytes plus the implicit terminating NUL fill all 16 slots. */
unsigned char buf[16] =
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f";

/* Matches buf in its first 12 bytes; differs from byte 13 on. */
unsigned char buf1[16] =
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x01\x01\x01";

/* Matches buf in its first byte only. */
unsigned char buf2[16] =
"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01";

int main(void)
{
  struct timeval start_time, end_time;
  volatile int result;   /* keeps the compiler from discarding the compare */

  /* Near miss: memcmp() walks 13 bytes before it finds the mismatch. */
  gettimeofday(&start_time, NULL);
  result = memcmp(buf, buf1, 16);
  gettimeofday(&end_time, NULL);

  printf("%ld seconds and %ld microseconds\n",
         (long) (end_time.tv_sec - start_time.tv_sec),
         (long) (end_time.tv_usec - start_time.tv_usec));

  /* Far miss: memcmp() stops at byte 2. */
  gettimeofday(&start_time, NULL);
  result = memcmp(buf, buf2, 16);
  gettimeofday(&end_time, NULL);

  printf("%ld seconds and %ld microseconds\n",
         (long) (end_time.tv_sec - start_time.tv_sec),
         (long) (end_time.tv_usec - start_time.tv_usec));

  (void) result;
  return 0;
}

The difference on a 600 MHz processor is 6-7 microseconds:
0 seconds and 8 microseconds
0 seconds and 1 microseconds

Matthew Conover
Received on May 21 2001
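As an added example (not part of Conover's post, and not the code of any X server), the early-exit comparison the thread is about sits next to a constant-time one, together with a small harness that measures both locally. The cookie values, the guess that shares 12 leading bytes and the guess that shares only one are constructed for illustration; leaky_bytes_examined() models exactly what the timing of an early-exit memcmp() reveals, namely the index of the first mismatching byte.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <time.h>

#define COOKIE_LEN 16

/* Constructed sample values (not from the post or from any X server):
 * the server's stored cookie, a guess sharing its first 12 bytes, and a
 * guess sharing only its first byte. */
static const unsigned char stored_cookie[COOKIE_LEN] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 };
static const unsigned char guess_close[COOKIE_LEN] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x09, 0x0a, 0x0b, 0x0c, 0x01, 0x01, 0x01, 0x01 };
static const unsigned char guess_far[COOKIE_LEN] = {
    0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
    0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };

/* Leaky compare: returns at the first mismatch, as an optimised memcmp()
 * does, so its running time grows with the number of correct leading bytes. */
int cookie_eq_leaky(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

/* Number of bytes the leaky compare reads before returning: the quantity an
 * attacker learns from its timing (first mismatch index + 1, or n when the
 * inputs are equal). */
size_t leaky_bytes_examined(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return i + 1;
    return n;
}

/* Constant-time compare: reads every byte and ORs the per-byte XOR into an
 * accumulator, so no branch or memory access depends on where the inputs
 * differ. The final fold maps diff == 0 to 1 and anything else to 0 without
 * a data-dependent branch. */
int cookie_eq_ct(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return (int)(((uint32_t)diff - 1u) >> 31);
}

/* Average nanoseconds per call over many iterations, using ISO C clock().
 * Enough to see the direction of the effect on an idle machine; a real
 * attack needs far more samples and robust statistics to survive the
 * network and scheduling noise Conover describes. */
double ns_per_call(int (*eq)(const unsigned char *, const unsigned char *, size_t),
                   const unsigned char *a, const unsigned char *b, long iters)
{
    volatile int sink = 0;          /* stops the compiler dropping the calls */
    clock_t c0 = clock();
    for (long i = 0; i < iters; i++)
        sink += eq(a, b, COOKIE_LEN);
    clock_t c1 = clock();
    (void)sink;
    return (double)(c1 - c0) / (double)CLOCKS_PER_SEC * 1e9 / (double)iters;
}

int main(void)
{
    const long iters = 2000000;

    printf("leaky  12-byte match: %.2f ns/call\n",
           ns_per_call(cookie_eq_leaky, stored_cookie, guess_close, iters));
    printf("leaky   1-byte match: %.2f ns/call\n",
           ns_per_call(cookie_eq_leaky, stored_cookie, guess_far, iters));
    printf("ct     12-byte match: %.2f ns/call\n",
           ns_per_call(cookie_eq_ct, stored_cookie, guess_close, iters));
    printf("ct      1-byte match: %.2f ns/call\n",
           ns_per_call(cookie_eq_ct, stored_cookie, guess_far, iters));
    return 0;
}
```

Build with the optimiser on (for example gcc -O2) so the leaky loop really does exit early; the two leaky lines should differ while the two constant-time lines should not. The per-call gap is tens of nanoseconds on modern hardware, which is why, as the post says, it takes a quiet LAN and many repeated measurements rather than a single timed request to observe it.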
