ext_time_quota_acl: Polish and handle bad input better

* Send BH response code when username field is missing or empty on the
  input line received from Squid (or manually typed)

* Display error message on broken config file lines and skip instead of
  crashing.

* Polish out some unused assignments.

 Detected by Coverity Scan. Issues 740404, 740405, 740591

diff --git a/helpers/external_acl/file_userip/ext_file_userip_acl.cc b/helpers/external_acl/file_userip/ext_file_userip_acl.cc
index 6f32aabfa2e918449191c97919b56f55eead8640..d359d79b40bcd6c866deafabc7cd2be6e5744540 100644 (file)
--- a/helpers/external_acl/file_userip/ext_file_userip_acl.cc
+++ b/helpers/external_acl/file_userip/ext_file_userip_acl.cc
@@ -217,7 +217,6 @@ usage(const char *program_name)
 int
 main (int argc, char *argv[])
 {
-    FILE *FH;
     char *filename = NULL;
     char *program_name = argv[0];
     char *cp;

diff --git a/helpers/external_acl/time_quota/ext_time_quota_acl.cc b/helpers/external_acl/time_quota/ext_time_quota_acl.cc
index 16b7301f75985c6bf5ec9d6a9940bc8e0776fb16..40f0c35aba573998a7c24de78249b145a76b1656 100644 (file)
--- a/helpers/external_acl/time_quota/ext_time_quota_acl.cc
+++ b/helpers/external_acl/time_quota/ext_time_quota_acl.cc
@@ -264,7 +264,9 @@ static void readConfig(const char *filename)
     FH = fopen(filename, "r");
     if ( FH ) {
         /* the pointer to the first entry in the linked list */
-        while ((cp = fgets (line, sizeof(line), FH)) != NULL) {
+        unsigned int lineCount = 0;
+        while (fgets(line, sizeof(line), FH)) {
+            ++lineCount;
             if (line[0] == '#') {
                 continue;
             }
@@ -272,13 +274,18 @@ static void readConfig(const char *filename)
                 /* chop \n characters */
                 *cp = '\0';
             }
-            log_debug("read config line \"%s\".\n", line);
-            if ((cp = strtok (line, "\t ")) != NULL) {
-                username = cp;
+            log_debug("read config line %u: \"%s\".\n", lineCount, line);
+            if ((username = strtok(line, "\t ")) != NULL) {
 
                 /* get the time budget */
-                budget = strtok (NULL, "/");
-                period = strtok (NULL, "/");
+                if ((budget = strtok(NULL, "/")) == NULL) {
+                    fprintf(stderr, "ERROR: missing 'budget' field on line %u of '%s'.\n", lineCount, filename);
+                    continue;
+                }
+                if ((period = strtok(NULL, "/")) == NULL) {
+                    fprintf(stderr, "ERROR: missing 'period' field on line %u of '%s'.\n", lineCount, filename);
+                    continue;
+                }
 
                 parseTime(budget, &budgetSecs, &start);
                 parseTime(period, &periodSecs, &start);
@@ -437,10 +444,12 @@ int main(int argc, char **argv)
 
     log_info("Waiting for requests...\n");
     while (fgets(request, HELPER_INPUT_BUFFER, stdin)) {
-        // we expect the following line syntax: "%LOGIN
-        const char *user_key = NULL;
-        user_key = strtok(request, " \n");
-
+        // we expect the following line syntax: %LOGIN
+        const char *user_key = strtok(request, " \n");
+        if (!user_key) {
+            SEND_BH("message=\"User name missing\"");
+            continue;
+        }
         processActivity(user_key);
     }
     log_info("Ending %s\n", __FILE__);