Passing a fixed length buffer to an external uid generator it likely to break in unexpected and potentially security sensitive ways. Since the input values (IP, time) and output value (cookie) are known to an attacker this presents a possible attack vector. In addition rvalue is from ap_get_remote_host()which may return a FQDN is the server is configured that way (yeah I know you'd have to be nuts but ...)
Passing a fixed length buffer to an external uid generator it likely to break in unexpected and potentially security sensitive ways. Since the input values (IP, time) and output value (cookie) are known to an attacker this presents a possible attack vector. In addition
rvalueis fromap_get_remote_host()which may return a FQDN is the server is configured that way (yeah I know you'd have to be nuts but ...)