Propose to improve the configuration parsing and checking

From: Tianyin Xu <tixu_at_cs.ucsd.edu>
Date: Fri, 28 Dec 2012 22:26:05 -0800

Hi all,

I would like to improve the configuration parsing and checking of
Squid. I was/am involved in a project which uses Squid to do testing
under different configurations.

During the project, I found quite a number of problems related to
configuration design (I hope you do think they are problems).

For example,
http://bugs.squid-cache.org/show_bug.cgi?id=3729
which is an integer overflow bug.

But, to me, there're more problems than this particular bug, for
example, when parsing the numeric values, we have such code:

/* src/Parsing.cc, line 93 */
i = strtoll(token, NULL, 10);

which checks for neither integer overflow nor bad numeric values (e.g.,
introduced by typos).

In GetInteger(void), we use

/* src/Parsing.cc, line 108 */
if (sscanf(token, "%i", &i) != 1)

Like atoi(), sscanf() is also unsafe and has no way to check whether the
number has integer overflow or bad characters, etc. It's better to use
strtoll() for string to integer conversion, which has the ability to
check users' misconfigurations (strtoll() can also deal with octal and
hex numbers with prefixes (0 and 0x)).

The consequence of these is that the current system accepts the following
misconfigurations silently without notifying users:

http_port 6553M5
fqdncache_size 3500000000

In the example above, the system listens to port 6553 with the fqdn
cache size of -794967296.

Another example is parse_onoff() in "src/cache_cf.cc":

/* src/cache_cf.cc, lines 2559-2562 */
if (!strcasecmp(token, "on") || !strcasecmp(token, "enable"))
    *var = 1;
else
    *var = 0;

What if the user misconfigures it as "yes" or "true", or even makes a typo
like "enabe"?

These problems are definitely not bugs, but I think good configuration
design with good checking and parsing can prevent a lot of later
problems, and can significantly save users' time. After all, not all
users, or even administrators, read our source code. So I hope I can
make our software more user-friendly and popular.

What do you guys think? If you guys think it's a good idea, I'm willing
to spend time on it.

Best regards,
Tianyin

--
Tianyin XU,
http://cseweb.ucsd.edu/~tixu/
Received on Sat Dec 29 2012 - 06:26:14 MST
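
The checks proposed in the message above, sketched as an added example that is not part of the original post and is not Squid's code: a strtoll()-based parser that rejects trailing characters, overflow and out-of-range values, and an on/off parser that rejects unknown tokens. The function names are hypothetical, and the "off"/"disable" spellings are an assumption (the post only shows "on" and "enable").

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>   /* INT_MIN/INT_MAX etc. for callers choosing a range */
#include <stdlib.h>
#include <strings.h>  /* strcasecmp */

/* Hypothetical helpers, not Squid's API. Return 0 on success, -1 on rejection. */

/* Parse the whole token as an integer within [min, max]. */
int parse_int_strict(const char *token, long long min, long long max, long long *out)
{
    char *end = NULL;
    long long v;

    if (token == NULL || *token == '\0')
        return -1;                 /* missing value */
    errno = 0;
    v = strtoll(token, &end, 0);   /* base 0: accepts 0x (hex) and 0 (octal) prefixes */
    if (end == token || *end != '\0')
        return -1;                 /* no digits, or trailing junk as in "6553M5" */
    if (errno == ERANGE)
        return -1;                 /* does not fit in long long */
    if (v < min || v > max)
        return -1;                 /* fits in long long but not in the target range */
    *out = v;
    return 0;
}

/* Parse an on/off token; anything outside the accepted spellings is an error. */
int parse_onoff_strict(const char *token, int *var)
{
    if (token == NULL)
        return -1;
    if (!strcasecmp(token, "on") || !strcasecmp(token, "enable")) {
        *var = 1;
        return 0;
    }
    if (!strcasecmp(token, "off") || !strcasecmp(token, "disable")) {  /* assumed spellings */
        *var = 0;
        return 0;
    }
    return -1;                     /* "yes", "true", "enabe", ... */
}
```

A caller would report the directive name and offending token on -1 instead of continuing with a default, so that values such as `http_port 6553M5` are refused at startup.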
