------------------------------------------------------------
revno: 12393
revision-id: squid3@treenet.co.nz-20121124015949-pqzjpda8ywzmzno1
parent: squid3@treenet.co.nz-20121124015847-7lbp5y6xz4uxp29y
committer: Amos Jeffries
branch nick: 3.3
timestamp: Fri 2012-11-23 18:59:49 -0700
message: digest_file_auth: Improved error handling Adds missing error handling when pasword file fails to open for any reason. Skips records with missing username in password file.Displays an error message instead of crashing. Detected by Coverity Scan. Issues 740400, 740401
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20121124015949-pqzjpda8ywzmzno1
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# testament_sha1: 21432d4b6762f8122ae01c5637039eaa865a656f
# timestamp: 2012-11-24 02:04:44 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# base_revision_id: squid3@treenet.co.nz-20121124015847-\
# 7lbp5y6xz4uxp29y
#
# Begin patch
=== modified file 'helpers/digest_auth/file/text_backend.cc'
--- helpers/digest_auth/file/text_backend.cc 2012-01-20 18:55:04 +0000
+++ helpers/digest_auth/file/text_backend.cc 2012-11-24 01:59:49 +0000
@@ -56,7 +56,6 @@
 static void
 read_passwd_file(const char *passwordFile, int isHa1Mode)
 {
- FILE *f;
 char buf[8192];
 user_data *u;
 char *user;
@@ -73,12 +72,22 @@ fprintf(stderr, "digest_file_auth: cannot create hash table\n"); exit(1); } - f = fopen(passwordFile, "r"); - while (fgets(buf, 8192, f) != NULL) { + FILE *f = fopen(passwordFile, "r"); + if (!f) { + fprintf(stderr, "digest_file_auth: cannot open password file: %s\n", xstrerror()); + exit(1); + } + unsigned int lineCount = 0; + while (fgets(buf, sizeof(buf), f) != NULL) { + ++lineCount; if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') || (buf[0] == '\n')) continue; user = strtok(buf, ":\n"); + if (!user) { + fprintf(stderr, "digest_file_auth: missing user name at line %u in '%s'\n", lineCount, passwordFile); + continue; + } realm = strtok(NULL, ":\n"); passwd = strtok(NULL, ":\n"); if (!passwd) {
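Review bot: The added `if (!user)` check after `strtok(buf, ":\n")` only fires for lines made up solely of `:` characters, because `strtok` skips leading delimiters instead of returning an empty first field. A record with an empty user name, for instance a constructed line `:a:b:c`, is still tokenised as user `a`, realm `b`, password `c`, so it is stored under shifted fields rather than skipped. Testing the first byte before tokenising closes that gap: `if (buf[0] == ':') { /* report missing user name */ continue; }`. Separately, `lineCount` counts `fgets` reads, so a physical line longer than `sizeof(buf) - 1` bytes is counted more than once and its remainder is parsed as a record of its own. The loop body and the rest of `read_passwd_file` continue past the hunk, so whether `f` is closed is not visible here.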