------------------------------------------------------------
revno: 11710
revision-id: squid3@treenet.co.nz-20121126083549-wx9ejjptknp7r7fa
parent: squid3@treenet.co.nz-20121126083513-0ogjpbo3quuayyxd
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.2
timestamp: Mon 2012-11-26 01:35:49 -0700
message:
  digest_file_auth: Improved error handling
  
  Adds missing error handling when pasword file fails to open for any
  reason.
  
  Skips records with missing username in password file.Displays an error
  message instead of crashing.
  
   Detected by Coverity Scan. Issues 740400, 740401
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20121126083549-wx9ejjptknp7r7fa
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
#   /SQUID_3_2
# testament_sha1: 1a1e0607db10ababba3aed41d11d2eb31a8ebf6f
# timestamp: 2012-11-26 08:37:03 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
#   /SQUID_3_2
# base_revision_id: squid3@treenet.co.nz-20121126083513-\
#   0ogjpbo3quuayyxd
# 
# Begin patch
=== modified file 'helpers/digest_auth/file/text_backend.cc'
--- helpers/digest_auth/file/text_backend.cc	2012-02-05 06:09:46 +0000
+++ helpers/digest_auth/file/text_backend.cc	2012-11-26 08:35:49 +0000
@@ -56,7 +56,6 @@
 static void
 read_passwd_file(const char *passwordFile, int isHa1Mode)
 {
-    FILE *f;
     char buf[8192];
     user_data *u;
     char *user;
@@ -73,12 +72,22 @@
         fprintf(stderr, "digest_file_auth: cannot create hash table\n");
         exit(1);
     }
-    f = fopen(passwordFile, "r");
-    while (fgets(buf, 8192, f) != NULL) {
+    FILE *f = fopen(passwordFile, "r");
+    if (!f) {
+        fprintf(stderr, "digest_file_auth: cannot open password file: %s\n", xstrerror());
+        exit(1);
+    }
+    unsigned int lineCount = 0;
+    while (fgets(buf, sizeof(buf), f) != NULL) {
+        ++lineCount;
         if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
                 (buf[0] == '\n'))
             continue;
         user = strtok(buf, ":\n");
+        if (!user) {
+            fprintf(stderr, "digest_file_auth: missing user name at line %u in '%s'\n", lineCount, passwordFile);
+            continue;
+        }
         realm = strtok(NULL, ":\n");
         passwd = strtok(NULL, ":\n");
         if (!passwd) {