commit ff0a1945f4ecd2b95886d5b5f6cc48c4970cbe2b from: Alisdair MacLeod date: Tue Mar 31 18:46:11 2026 UTC Use hex lookup table instead of snprintf for CSRF token encoding Replace 16 snprintf("%02x") calls with direct table lookups. snprintf parses the format string on every iteration; the lookup table converts each byte to two hex characters with simple shifts and masks. Co-Authored-By: Claude Opus 4.6 (1M context) commit - 41a02e31da797206529ed55ab14333524a6f10f1 commit + ff0a1945f4ecd2b95886d5b5f6cc48c4970cbe2b blob - de40dba51b9eddd5aaf7bb40ee982ad49c5313ba blob + 485217105ae3a1a63d324452005e02bc2b69ad86 --- cgi.c +++ cgi.c @@ -323,14 +323,17 @@ cgi_csrf_clear(void) char * cgi_csrf_generate(void) { + static const char hex[] = "0123456789abcdef"; unsigned char buf[16]; arc4random_buf(buf, sizeof(buf)); char *token = malloc(sizeof(buf) * 2 + 1); if (token == NULL) return NULL; - for (int i = 0; i < (int)sizeof(buf); i++) - snprintf(token + i * 2, 3, "%02x", buf[i]); + for (int i = 0; i < (int)sizeof(buf); i++) { + token[i * 2] = hex[buf[i] >> 4]; + token[i * 2 + 1] = hex[buf[i] & 0x0f]; + } token[sizeof(buf) * 2] = '\0'; return token; }
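Review bot: The high-nibble lookup `hex[buf[i] >> 4]` stays inside the 16-character table only because `buf` is declared `unsigned char`. The removed `snprintf(token + i * 2, 3, ...)` call was bounded by its size argument whatever the element type, so this is an invariant the new loop introduces. If the buffer type ever became plain `char`, a byte with the top bit set would promote to a negative int and the shift would most likely yield a negative index, reading outside the table. Masking the shifted value as well, `token[i * 2] = hex[(buf[i] >> 4) & 0x0f];`, keeps the index in 0..15 by construction. Failing that, a short comment on the `buf` declaration such as `/* must stay unsigned char: bytes index hex[] directly */` would record the requirement.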