------------------------------------------------------------ revno: 12397 revision-id: squid3@treenet.co.nz-20121124020412-ce5z1kjk1xqt4a7m parent: squid3@treenet.co.nz-20121124020343-gopwnyay121d0p7p committer: Amos Jeffries branch nick: 3.3 timestamp: Fri 2012-11-23 19:04:12 -0700 message: ext_time_quota_acl: Polish and handle bad input better * Send BH response code when username field is missing or empty on the input line received from Squid (or manually typed) * Display error message on broken config file lines and skip instead of crashing. * Polish out some unused assignments. Detected by Coverity Scan. Issues 740404, 740405, 740591 ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20121124020412-ce5z1kjk1xqt4a7m # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # testament_sha1: 5efbe5147645d1270274a1392b47e9802b32fe35 # timestamp: 2012-11-24 02:04:53 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # base_revision_id: squid3@treenet.co.nz-20121124020343-\ # gopwnyay121d0p7p # # Begin patch === modified file 'helpers/external_acl/file_userip/ext_file_userip_acl.cc' --- helpers/external_acl/file_userip/ext_file_userip_acl.cc 2012-11-24 02:03:43 +0000 +++ helpers/external_acl/file_userip/ext_file_userip_acl.cc 2012-11-24 02:04:12 +0000 @@ -217,7 +217,6 @@ int main (int argc, char *argv[]) { - FILE *FH; char *filename = NULL; char *program_name = argv[0]; char *cp; === modified file 'helpers/external_acl/time_quota/ext_time_quota_acl.cc' --- helpers/external_acl/time_quota/ext_time_quota_acl.cc 2012-08-28 13:00:30 +0000 +++ helpers/external_acl/time_quota/ext_time_quota_acl.cc 2012-11-24 02:04:12 +0000 @@ -264,7 +264,9 @@ FH = fopen(filename, "r"); if ( FH ) { /* the pointer to the first entry in the linked list */ - while ((cp = fgets (line, sizeof(line), FH)) != NULL) { + unsigned int lineCount = 0; + while (fgets(line, sizeof(line), FH)) { + ++lineCount; if (line[0] == '#') { continue; } @@ -272,13 +274,18 @@ /* chop \n characters */ *cp = '\0'; } - log_debug("read config line \"%s\".\n", line); - if ((cp = strtok (line, "\t ")) != NULL) { - username = cp; + log_debug("read config line %u: \"%s\".\n", lineCount, line); + if ((username = strtok(line, "\t ")) != NULL) { /* get the time budget */ - budget = strtok (NULL, "/"); - period = strtok (NULL, "/"); + if ((budget = strtok(NULL, "/")) == NULL) { + fprintf(stderr, "ERROR: missing 'budget' field on line %u of '%s'.\n", lineCount, filename); + continue; + } + if ((period = strtok(NULL, "/")) == NULL) { + fprintf(stderr, "ERROR: missing 'period' field on line %u of '%s'.\n", lineCount, filename); + continue; + } parseTime(budget, &budgetSecs, &start); parseTime(period, &periodSecs, &start); @@ -437,10 +444,12 @@ log_info("Waiting for requests...\n"); while (fgets(request, HELPER_INPUT_BUFFER, stdin)) { - // we expect the following line syntax: "%LOGIN - const char *user_key = NULL; - user_key = strtok(request, " \n"); - + // we expect the following line syntax: %LOGIN + const char *user_key = strtok(request, " \n"); + if (!user_key) { + SEND_BH("message=\"User name missing\""); + continue; + } processActivity(user_key); } log_info("Ending %s\n", __FILE__);