Hi all, I would like to improve the configuration parsing and checking of Squid. I was/am involved in a project which uses Squid to do testing under different configurations.
During the project, I found quite a number of problems related to configuration design (I hope you do think they are problems). For example, http://bugs.squid-cache.org/show_bug.cgi?id=3729 which is an integer overflow bug. But, to me, there're more problems than this particular bug, for example, when parsing the numeric values, we have such code: /* src/Parsing.cc */ 93 i = strtoll(token, NULL, 10); which does not check integer overflow nor bad numeric values (e.g., introduced by typos). In GetInteger(void), we use /* src/Parsing.cc */ 108 if (sscanf(token, "%i", &i) != 1) like atoi(), sscanf is also unsafe and has no way to check whether the number has integer overflow or bad characters, etc. It's better to use strtoll() for string to integer convention which has the ability to check users' misconfigurations (strtoll can also deal with octal and hex numbers with prefix (0 and 0x)). The consequence of these is the current system accepts the following misconfigurations silently without notifying users: http_port 6553M5 fqdncache_size 3500000000 In the example above, the system listens to port 6553 with the fqdn cache size of -794967296. Another example is like parse_onoff() in "src/cache_cf.cc" 2559 if (!strcasecmp(token, "on") || !strcasecmp(token, "enable")) 2560 *var = 1; 2561 else 2562 *var = 0; what if the user misconfigures like "yes" or "true", or even a typo like "enabe"? These problems are definitely not bugs but I think good configuration design with good checking and parsing can prevent a lot of latter problems, and can significantly save users' time. After all, not every users even administrators are reading our source code. So I hope I can make our software more user-friendly and popular. How do you guys think? If you guys think it's a good idea. I'm willing to spend time on it. Best regards, Tianyin -- Tianyin XU, http://cseweb.ucsd.edu/~tixu/
