From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Thu, 5 Sep 2024 17:46:20 +0000 (+0000)
Subject: Bug 5417: An empty annotation value does not match (#1896)
X-Git-Tag: SQUID_7_0_1~65
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=5370d36199e577b6aa424658260aab08e32d9015;p=thirdparty%2Fsquid.git

Bug 5417: An empty annotation value does not match (#1896)

Helpers may return annotations with empty values:

    OK team_=""

A note ACL may be configured to match an annotation with an empty value:

    configuration_includes_quoted_values on
    acl emptyTeam note team_ ""

However, that emptyTeam ACL did not match the above helper annotation:

* AppendTokens() split an empty annotation value into an empty vector
  instead of a vector with a single empty entry. That "never match an
  empty value received from the helper" bug was probably introduced in
  2017 commit 75d47340 when it replaced an "always try to match an empty
  value, even when it was not received from the helper" bug in
  ACLNoteStrategy::matchNotes().

* ACLStringData::match(SBuf v) never matched an empty value v. That bug
  was probably introduced in 2015 commit 76ee67ac that mistook a nil
  c-string pointer for an empty c-string.
---

diff --git a/src/Notes.cc b/src/Notes.cc
index 57c54a1a3a..ce97b177f6 100644
--- a/src/Notes.cc
+++ b/src/Notes.cc
@@ -339,12 +339,12 @@ static void
 AppendTokens(NotePairs::Entries &entries, const SBuf &key, const SBuf &val, const CharacterSet &delimiters)
 {
     Parser::Tokenizer tok(val);
-    SBuf v;
-    while (tok.token(v, delimiters))
-        entries.push_back(new NotePairs::Entry(key, v));
-    v = tok.remaining();
-    if (!v.isEmpty())
-        entries.push_back(new NotePairs::Entry(key, v));
+    const auto tokenCharacters = delimiters.complement("non-delimiters");
+    do {
+        SBuf token;
+        (void)tok.prefix(token, tokenCharacters);
+        entries.push_back(new NotePairs::Entry(key, token)); // token may be empty
+    } while (tok.skipOne(delimiters));
 }
 
 const NotePairs::Entries &
diff --git a/src/acl/StringData.cc b/src/acl/StringData.cc
index fb31866397..cd5f1af9f3 100644
--- a/src/acl/StringData.cc
+++ b/src/acl/StringData.cc
@@ -23,7 +23,7 @@ ACLStringData::insert(const char *value)
 bool
 ACLStringData::match(const SBuf &tf)
 {
-    if (stringValues.empty() || tf.isEmpty())
+    if (stringValues.empty())
         return 0;
 
     debugs(28, 3, "aclMatchStringList: checking '" << tf << "'");
@@ -38,6 +38,11 @@ ACLStringData::match(const SBuf &tf)
 bool
 ACLStringData::match(char const *toFind)
 {
+    if (!toFind) {
+        // TODO: Check whether we can Assure(toFind) instead.
+        debugs(28, 3, "not matching a nil c-string");
+        return false;
+    }
     return match(SBuf(toFind));
 }