tmpl_aexpand() type doesn't need escape functions

the only two callers didn't pass it, and the output data is only
used for key comparisons (csv) or for delays (delay)

We also cap delays, so that they are not crazy :(

diff --git a/src/lib/server/tmpl.h b/src/lib/server/tmpl.h
index b9a5bda06b1996a5a1792309fef8fa33243159e7..92c9e7399b3c965013b93e40eb1df3d2985876c5 100644 (file)
--- a/src/lib/server/tmpl.h
+++ b/src/lib/server/tmpl.h
@@ -1082,8 +1082,8 @@ typedef enum {
  *
  * @see _tmpl_to_atype
  */
-#define tmpl_aexpand_type(_ctx, _out, _type, _request, _vpt, _escape, _escape_ctx) \
-                         _tmpl_to_atype(_ctx, (void *)(_out), _request, _vpt, _escape, _escape_ctx, _type)
+#define tmpl_aexpand_type(_ctx, _out, _type, _request, _vpt) \
+                         _tmpl_to_atype(_ctx, (void *)(_out), _request, _vpt, NULL, NULL, _type)
 
 void                   tmpl_debug(tmpl_t const *vpt) CC_HINT(nonnull);
 

diff --git a/src/modules/rlm_csv/rlm_csv.c b/src/modules/rlm_csv/rlm_csv.c
index 853bde97c05416d2b4df74c6f09b3a019a81517e..96a6c280f7d35eb68c64a60823eba4de24aeae17 100644 (file)
--- a/src/modules/rlm_csv/rlm_csv.c
+++ b/src/modules/rlm_csv/rlm_csv.c
@@ -1013,7 +1013,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul
         *      Expand the key to whatever it is.  For attributes,
         *      this usually just means copying the value box.
         */
-       slen = tmpl_aexpand_type(request, &key, FR_TYPE_VALUE_BOX, request, inst->key, NULL, NULL);
+       slen = tmpl_aexpand_type(request, &key, FR_TYPE_VALUE_BOX, request, inst->key);
        if (slen < 0) {
                DEBUG("Failed expanding key '%s'", inst->key->name);
                RETURN_MODULE_FAIL;

diff --git a/src/modules/rlm_delay/rlm_delay.c b/src/modules/rlm_delay/rlm_delay.c
index 2b2f7db3022541835e4bae7bf928dbcadffa45d7..679be93d1e158e2a0f648301a2c81e938e361deb 100644 (file)
--- a/src/modules/rlm_delay/rlm_delay.c
+++ b/src/modules/rlm_delay/rlm_delay.c
@@ -140,10 +140,25 @@ static unlang_action_t CC_HINT(nonnull) mod_delay(rlm_rcode_t *p_result, module_
 
        if (inst->delay) {
                if (tmpl_aexpand_type(request, &delay, FR_TYPE_TIME_DELTA,
-                                     request, inst->delay, NULL, NULL) < 0) {
+                                     request, inst->delay) < 0) {
                        RPEDEBUG("Failed parsing %s as delay time", inst->delay->name);
                        RETURN_MODULE_FAIL;
                }
+
+               /*
+                *      Cap delays.  So that no matter what crazy
+                *      thing the admin does, it doesn't cause an
+                *      issue.
+                */
+               if (fr_time_delta_cmp(delay, fr_time_delta_from_sec(0)) < 0) {
+                       RWDEBUG("Delay is too small.  Limiting to 0s");
+                       delay = fr_time_delta_wrap(0);
+
+               } else if (fr_time_delta_cmp(delay, fr_time_delta_from_sec(30)) > 0) {
+                       RWDEBUG("Delay is too large.  Limiting to 30s");
+                       delay = fr_time_delta_from_sec(30);
+               }
+
        } else {
                delay = fr_time_delta_wrap(0);
        }