/*
- * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
#include "acl/Checklist.h"
#include "acl/Ip.h"
#include "cache_cf.h"
-#include "Debug.h"
+#include "ConfigParser.h"
+#include "debug/Stream.h"
#include "ip/tools.h"
#include "MemBuf.h"
#include "wordlist.h"
acl_ip_data::toStr(char *buf, int len) const
{
char *b1 = buf;
- char *b2 = NULL;
- char *b3 = NULL;
+ char *b2 = nullptr;
+ char *b3 = nullptr;
int rlen = 0;
addr1.toStr(b1, len - rlen );
* is an entry in some address-based access control element. This
* function is called via ACLIP::match() and the splay library.
*/
-int
+static int
aclIpAddrNetworkCompare(acl_ip_data * const &p, acl_ip_data * const &q)
{
Ip::Address A = p->addr1;
if (mask.isIPv4()) {
/* locate what CIDR mask was _probably_ meant to be in its native protocol format. */
/* this will completely crap out with a security fail-open if the admin is playing mask tricks */
- /* however, thats their fault, and we do warn. see bug 2601 for the effects if we don't do this. */
+ /* however, that's their fault, and we do warn. see bug 2601 for the effects if we don't do this. */
unsigned int m = mask.cidr();
debugs(28, DBG_CRITICAL, "WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.");
debugs(28, DBG_CRITICAL, "WARNING: For now we will assume you meant to write /" << m);
LOCAL_ARRAY(char, addr1, 256);
LOCAL_ARRAY(char, addr2, 256);
LOCAL_ARRAY(char, mask, 256);
- acl_ip_data *r = NULL;
- acl_ip_data **Q = NULL;
+ acl_ip_data *r = nullptr;
+ acl_ip_data **Q = nullptr;
Ip::Address temp;
char c;
unsigned int changed;
*/
debugs(28, 5, "aclIpParseIpData: Lookup Host/IP " << addr1);
- struct addrinfo *hp = NULL, *x = NULL;
+ struct addrinfo *hp = nullptr, *x = nullptr;
struct addrinfo hints;
- Ip::Address *prev_addr = NULL;
+ Ip::Address *prev_addr = nullptr;
memset(&hints, 0, sizeof(struct addrinfo));
- int errcode = getaddrinfo(addr1,NULL,&hints,&hp);
- if (hp == NULL) {
+ int errcode = getaddrinfo(addr1,nullptr,&hints,&hp);
+ if (hp == nullptr) {
+ delete q;
if (strcmp(addr1, "::1") == 0) {
debugs(28, DBG_IMPORTANT, "aclIpParseIpData: IPv6 has not been enabled in host DNS resolver.");
- delete q;
} else {
- debugs(28, DBG_CRITICAL, "aclIpParseIpData: Bad host/IP: '" << addr1 <<
+ debugs(28, DBG_CRITICAL, "ERROR: aclIpParseIpData: Bad host/IP: '" << addr1 <<
"' in '" << t << "', flags=" << hints.ai_flags <<
" : (" << errcode << ") " << gai_strerror(errcode) );
self_destruct();
}
- return NULL;
+ return nullptr;
}
Q = &q;
- for (x = hp; x != NULL;) {
- if ((r = *Q) == NULL)
+ for (x = hp; x != nullptr;) {
+ if ((r = *Q) == nullptr)
r = *Q = new acl_ip_data;
/* getaddrinfo given a host has a nasty tendency to return duplicate addr's */
if ( prev_addr && r->addr1 == *prev_addr) {
debugs(28, 3, "aclIpParseIpData: Duplicate host/IP: '" << r->addr1 << "' dropped.");
delete r;
- *Q = NULL;
+ *Q = nullptr;
continue;
} else
prev_addr = &r->addr1;
debugs(28, 3, "" << addr1 << " --> " << r->addr1 );
}
- if (*Q != NULL) {
- debugs(28, DBG_CRITICAL, "aclIpParseIpData: Bad host/IP: '" << t << "'");
+ freeaddrinfo(hp);
+
+ if (*Q != nullptr) {
+ debugs(28, DBG_CRITICAL, "ERROR: aclIpParseIpData: Bad host/IP: '" << t << "'");
self_destruct();
- return NULL;
+ return nullptr;
}
- freeaddrinfo(hp);
-
return q;
}
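Review bot: The late failure path `if (*Q != nullptr) { ... self_destruct(); return nullptr; }` still returns without releasing the list headed by `q`, while every other error return in this function does `delete q;` first. Moving `freeaddrinfo(hp);` above the check closes the `hp` leak, and the new `delete q;` covers the lookup-failure branch, so this is the one remaining path with inconsistent cleanup. If `self_destruct()` can return or throw instead of exiting (not visible here), the nodes already built from the resolver results would leak. Consider freeing them before the call, assuming the `acl_ip_data` destructor or a small loop walks `next`. The loop body is only partly shown in this hunk, so ownership of the node reached through `Q` is inferred and should be confirmed.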
if ( iptype == AF_INET6 && !Ip::EnableIpv6) {
debugs(28, DBG_IMPORTANT, "aclIpParseIpData: IPv6 has not been enabled.");
delete q;
- return NULL;
+ return nullptr;
}
/* Decode addr1 */
if (!*addr1 || !(q->addr1 = addr1)) {
- debugs(28, DBG_CRITICAL, "aclIpParseIpData: unknown first address in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "ERROR: aclIpParseIpData: unknown first address in '" << t << "'");
delete q;
self_destruct();
- return NULL;
+ return nullptr;
}
/* Decode addr2 */
if (!*addr2)
q->addr2.setAnyAddr();
else if (!(q->addr2=addr2) ) {
- debugs(28, DBG_CRITICAL, "aclIpParseIpData: unknown second address in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "ERROR: aclIpParseIpData: unknown second address in '" << t << "'");
delete q;
self_destruct();
- return NULL;
+ return nullptr;
}
/* Decode mask (NULL or empty means a exact host mask) */
if (!DecodeMask(mask, q->mask, iptype)) {
- debugs(28, DBG_CRITICAL, "aclParseIpData: unknown netmask '" << mask << "' in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "ERROR: aclParseIpData: unknown netmask '" << mask << "' in '" << t << "'");
delete q;
self_destruct();
- return NULL;
+ return nullptr;
}
changed = 0;
changed += q->addr2.applyMask(q->mask);
if (changed)
- debugs(28, DBG_CRITICAL, "aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "WARNING: aclIpParseIpData: Netmask masks away part of the specified IP in '" << t << "'");
- debugs(28,9, HERE << "Parsed: " << q->addr1 << "-" << q->addr2 << "/" << q->mask << "(/" << q->mask.cidr() <<")");
+ debugs(28,9, "Parsed: " << q->addr1 << "-" << q->addr2 << "/" << q->mask << "(/" << q->mask.cidr() <<")");
/* 1.2.3.4/255.255.255.0 --> 1.2.3.0 */
/* Same as IPv6 (not so trivial to depict) */
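Review bot: The netmask error line now reads `"ERROR: aclParseIpData: unknown netmask '"`, while every other message in this function uses `aclIpParseIpData`, so a log search or alert keyed on the function name will miss this one. Since the line is already being touched to add the `ERROR:` prefix, I would align it: `debugs(28, DBG_CRITICAL, "ERROR: aclIpParseIpData: unknown netmask '" << mask << "' in '" << t << "'");`. The enclosing function starts outside this hunk.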
void
ACLIP::parse()
{
- if (data == NULL)
+ if (data == nullptr)
data = new IPSplay();
- flags.parseFlags();
-
- while (char *t = strtokFile()) {
+ while (char *t = ConfigParser::strtokFile()) {
acl_ip_data *q = acl_ip_data::FactoryParse(t);
- while (q != NULL) {
+ while (q != nullptr) {
/* pop each result off the list and add it to the data tree individually */
acl_ip_data *next_node = q->next;
- q->next = NULL;
- data->insert(q, acl_ip_data::NetworkCompare);
+ q->next = nullptr;
+ if (!data->find(q,acl_ip_data::NetworkCompare))
+ data->insert(q, acl_ip_data::NetworkCompare);
q = next_node;
}
}
}
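Review bot: When `data->find(q, acl_ip_data::NetworkCompare)` reports a match, `q` is neither inserted nor freed, so each skipped entry leaks. It has just been detached with `q->next = nullptr`, so adding `else delete q;` after the `insert` call looks safe. The skip is also silent in this hunk. If `NetworkCompare` treats overlapping ranges as equal rather than only identical ones (its body is not shown here), a configured range that only partly overlaps an earlier entry would be dropped and the uncovered part of it would never match. For an access-control list that deserves a comment and a log line at the skip, for example `debugs(28, DBG_IMPORTANT, "WARNING: ignoring ACL entry already covered by an earlier one: " << q->addr1);`.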
int
-ACLIP::match(Ip::Address &clientip)
+ACLIP::match(const Ip::Address &clientip)
{
static acl_ip_data ClientAddress;
/*
const acl_ip_data * const * result = data->find(&ClientAddress, aclIpAddrNetworkCompare);
debugs(28, 3, "aclIpMatchIp: '" << clientip << "' " << (result ? "found" : "NOT found"));
- return (result != NULL);
+ return (result != nullptr);
}
-acl_ip_data::acl_ip_data() :addr1(), addr2(), mask(), next (NULL) {}
+acl_ip_data::acl_ip_data() :addr1(), addr2(), mask(), next (nullptr) {}
acl_ip_data::acl_ip_data(Ip::Address const &anAddress1, Ip::Address const &anAddress2, Ip::Address const &aMask, acl_ip_data *aNext) : addr1(anAddress1), addr2(anAddress2), mask(aMask), next(aNext) {}