From: Amos Jeffries
Date: Wed, 14 Nov 2012 06:50:52 +0000 (-0700)
Subject: ext_time_quota_acl: Polish and handle bad input better
X-Git-Tag: SQUID_3_4_0_1~510
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=03f581b09946b8c0b8c383c58e4c2d42bd413ea3;p=thirdparty%2Fsquid.git
ext_time_quota_acl: Polish and handle bad input better
* Send BH response code when username field is missing or empty on the input line received from Squid (or manually typed)
* Display error message on broken config file lines and skip instead of crashing.
* Polish out some unused assignments. Detected by Coverity Scan. Issues 740404, 740405, 740591
---
diff --git a/helpers/external_acl/file_userip/ext_file_userip_acl.cc b/helpers/external_acl/file_userip/ext_file_userip_acl.cc
index 6f32aabfa2..d359d79b40 100644
--- a/helpers/external_acl/file_userip/ext_file_userip_acl.cc
+++ b/helpers/external_acl/file_userip/ext_file_userip_acl.cc
@@ -217,7 +217,6 @@ usage(const char *program_name)
 int main (int argc, char *argv[])
 {
- FILE *FH;
 char *filename = NULL;
 char *program_name = argv[0];
 char *cp;
diff --git a/helpers/external_acl/time_quota/ext_time_quota_acl.cc b/helpers/external_acl/time_quota/ext_time_quota_acl.cc
index 16b7301f75..40f0c35aba 100644
--- a/helpers/external_acl/time_quota/ext_time_quota_acl.cc
+++ b/helpers/external_acl/time_quota/ext_time_quota_acl.cc
@@ -264,7 +264,9 @@ static void readConfig(const char *filename)
 FH = fopen(filename, "r");
 if ( FH ) {
 /* the pointer to the first entry in the linked list */
- while ((cp = fgets (line, sizeof(line), FH)) != NULL) {
+ unsigned int lineCount = 0;
+ while (fgets(line, sizeof(line), FH)) {
+ ++lineCount;
 if (line[0] == '#') {
 continue;
 }
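Review bot: A config line longer than `line` comes back from `fgets` in several pieces, so the new `++lineCount` counts pieces rather than lines, and the tail of an overlong line is parsed as an entry of its own with its first token taken as a username. The line numbers in the new error messages would then be off, and a quota could be registered under a fragment of text. A guard placed before the newline is chopped would cover it, for example `if (!strchr(line, '\n') && !feof(FH)) { /* report "line too long", discard up to the next newline, continue */ }`. The request loop in `main()` (last hunk) reads with `fgets(request, HELPER_INPUT_BUFFER, stdin)` in the same way, where a split request would presumably be answered twice and put replies out of step with Squid's requests. readConfig's body starts and ends outside this hunk, so the size of `line` is not visible here.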
@@ -272,13 +274,18 @@ static void readConfig(const char *filename)
 /* chop \n characters */
 *cp = '\0';
 }
- log_debug("read config line \"%s\".\n", line);
- if ((cp = strtok (line, "\t ")) != NULL) {
- username = cp;
+ log_debug("read config line %u: \"%s\".\n", lineCount, line);
+ if ((username = strtok(line, "\t ")) != NULL) {
 /* get the time budget */
- budget = strtok (NULL, "/");
- period = strtok (NULL, "/");
+ if ((budget = strtok(NULL, "/")) == NULL) {
+ fprintf(stderr, "ERROR: missing 'budget' field on line %u of '%s'.\n", lineCount, filename);
+ continue;
+ }
+ if ((period = strtok(NULL, "/")) == NULL) {
+ fprintf(stderr, "ERROR: missing 'period' field on line %u of '%s'.\n", lineCount, filename);
+ continue;
+ }
 parseTime(budget, &budgetSecs, &start);
 parseTime(period, &periodSecs, &start);
@@ -437,10 +444,12 @@ int main(int argc, char **argv)
 log_info("Waiting for requests...\n");
 while (fgets(request, HELPER_INPUT_BUFFER, stdin)) {
- // we expect the following line syntax: "%LOGIN
- const char *user_key = NULL;
- user_key = strtok(request, " \n");
-
+ // we expect the following line syntax: %LOGIN
+ const char *user_key = strtok(request, " \n");
+ if (!user_key) {
+ SEND_BH("message=\"User name missing\"");
+ continue;
+ }
 processActivity(user_key);
 }
 log_info("Ending %s\n", __FILE__);
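Review bot: Skipping a malformed line with `continue` leaves that user without a quota entry, and what the helper answers for a user with no entry is decided outside this hunk; it is worth confirming that path denies, since otherwise a typo in the config would silently lift that user's limit. A comment at the first `continue` would record the intent, for example `/* entry skipped: this user ends up with no configured budget */`. The two new messages go to stderr through `fprintf` while the line just above uses `log_debug`; if the file has an error-level log helper, using it would keep these with the helper's other output. The fields handed to `parseTime(budget, ...)` and `parseTime(period, ...)` are still not checked for content, only for presence, and parseTime itself is not visible here.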