Re: DIFF: helpers/external_acl/eDirectory_userip (2010-09-22)

From: Chad Naugle <Chad.Naugle_at_travimp.com>
Date: Wed, 22 Sep 2010 13:22:56 -0400

I fixed all the mentioned errors below, I believe, and I have it building with test-builds.sh if I enable it using "config.test". I didn't let it go past the "btlayer-00-default".
 
- Removed all compile-time warnings.
- Disabled "local_debug()" in favor of Squid's "debug()".
- Swapped out all "strcpy()" and "strncpy()" calls for Squid's "xstrncpy()"
- Added meaningful error messages to ERR responses, as opposed to only "debug()" calls.
- Added ERR message, loop continue, to a BindLDAP() failure, like as if it can't connect to the LDAP Servce. I used "continue" as opposed to "exit" so Squid doesn't complain if the helper exits, unless you want it to work that way.
- Fully changed default LDAP Search Scope & Attributes, last diff was missing '-u' option code, default settings, etc.
- Made a few slight modifications to the man page, to mention importance of proper Partition Replication, and using the '-G' option, along with proper squid.conf syntax for Groups.

* inet_pton / inet_ntop() use as a replacement for my ConvertIP() has it's limitations. They will work fine for IPv4-only or checking to make sure IPv6 format is correct, but they will not convert an IPv6 address into LONG format. ConvertIP() will do this, ie: a0a::1 will turn into 0A0A0000000000000000000000000001, instead of back to a0a::1. This is because SearchFilterLDAP() needs to add '\' in front of each HEX in order to search for it under LDAP, ie. \0A\0A\00\00\00\00\00\00\00\00\00\00\00\00\00\01. If there is a function that will do this for IPv6, please let me know, and I'll make the adjustments...

* Squid-level suggestions
- Make SEND_ERR / SEND_OK more useful, to, let's say, use fprintf(stdout) / fflush(stdout), and I'll incorporate it to replace my "local_printfx()" for the helper replies.
- Add a Squid-Level equivalent of "printf()", such as "xprintf()", so Squid can trap them properly (forked), versus running the program manually.
- Add more Utility Functions, like "xstrncpy()" to Squid's library, mostly for portability reasons.

---------------------------------------------
Chad E. Naugle
Tech Support II, x. 7981
Travel Impressions, Ltd.
 

>>> Amos Jeffries <squid3_at_treenet.co.nz> 9/19/2010 1:17 AM >>>
On 19/09/10 15:21, Amos Jeffries wrote:
> On 08/09/10 07:27, Chad Naugle wrote:
>> Necessary patch for making this helper/feature build-able, and compiled
>> into a single file. Further recommended changes will come after this
>> step, such as inet_pton conversion.
>
> Applied. Thank you.
>
> I've been doing static code analysis tests today and fixing memory leaks.
>

meh. mailer troubles.

Here is a list of the important ones the tests have found in this code
(bracket holds the line number):

[214]: (style) After a strncpy() the buffer should be zero-terminated
[216]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[861]: (style) After a strncpy() the buffer should be zero-terminated
[867]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1133]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1134]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1147]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1162]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1163]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1125]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1129]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1131]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1154]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1158]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1160]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1142]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1145]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1195]: (style) After a strncpy() the buffer should be zero-terminated
[1387]: (style) After a strncpy() the buffer should be zero-terminated
[1389]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1419]: (style) After a strncpy() the buffer should be zero-terminated
[1421]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1451]: (style) After a strncpy() the buffer should be zero-terminated
[1453]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1483]: (style) After a strncpy() the buffer should be zero-terminated
[1485]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[1515]: (style) After a strncpy() the buffer should be zero-terminated
[1517]: (possible error) Dangerous usage of strncat. Tip: the 3rd
parameter means maximum number of characters to append
[227]: (error) Undefined behaviour: dbuf is used wrong in call to
sprintf or snprintf. Quote: If copying takes place between objects that
  overlap as a result of a call to sprintf() or snprintf(), the results
are undefined.
[264, 303]: (error) Undefined behaviour: dbuf is used wrong in call to
sprintf or snprintf. Quote: If copying takes place between objects that
  overlap as a result of a call to sprintf() or snprintf(), the results
are undefined.
[303]: (error) Undefined behaviour: dbuf is used wrong in call to
sprintf or snprintf. Quote: If copying takes place between objects that
  overlap as a result of a call to sprintf() or snprintf(), the results
are undefined.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2
Travel Impressions made the following annotations
-------------------------------------------------------------
"This message and any attachments are solely for the intended recipient and may contain confidential or privileged information.  If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited.  If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments.
Thank you."

Received on Wed Sep 22 2010 - 17:23:05 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 23 2010 - 12:00:11 MDT