1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2017 */
6 /* See the file NOTICE for conditions of use and distribution. */
8 /* Miscellaneous string-handling functions. Some are not required for
9 utilities and tests, and are cut out by the COMPILE_UTILITY macro. */
15 #ifndef COMPILE_UTILITY
16 /*************************************************
17 * Test for IP address *
18 *************************************************/
20 /* This used just to be a regular expression, but with IPv6 things are a bit
21 more complicated. If the address contains a colon, it is assumed to be a v6
22 address (assuming HAVE_IPV6 is set). If a mask is permitted and one is present,
23 and maskptr is not NULL, its offset is placed there.
27 maskptr NULL if no mask is permitted to follow
28 otherwise, points to an int where the offset of '/' is placed
29 if there is no / followed by trailing digits, *maskptr is set 0
31 Returns: 0 if the string is not a textual representation of an IP address
32 4 if it is an IPv4 address
33 6 if it is an IPv6 address
37 string_is_ip_address(const uschar *s, int *maskptr)
42 /* If an optional mask is permitted, check for it. If found, pass back the
47 const uschar *ss = s + Ustrlen(s);
49 if (s != ss && isdigit(*(--ss)))
51 while (ss > s && isdigit(ss[-1])) ss--;
52 if (ss > s && *(--ss) == '/') *maskptr = ss - s;
56 /* A colon anywhere in the string => IPv6 address */
58 if (Ustrchr(s, ':') != NULL)
60 BOOL had_double_colon = FALSE;
66 /* An IPv6 address must start with hex digit or double colon. A single
69 if (*s == ':' && *(++s) != ':') return 0;
71 /* Now read up to 8 components consisting of up to 4 hex digits each. There
72 may be one and only one appearance of double colon, which implies any number
73 of binary zero bits. The number of preceding components is held in count. */
75 for (count = 0; count < 8; count++)
77 /* If the end of the string is reached before reading 8 components, the
78 address is valid provided a double colon has been read. This also applies
79 if we hit the / that introduces a mask or the % that introduces the
80 interface specifier (scope id) of a link-local address. */
82 if (*s == 0 || *s == '%' || *s == '/') return had_double_colon ? yield : 0;
84 /* If a component starts with an additional colon, we have hit a double
85 colon. This is permitted to appear once only, and counts as at least
86 one component. The final component may be of this form. */
90 if (had_double_colon) return 0;
91 had_double_colon = TRUE;
96 /* If the remainder of the string contains a dot but no colons, we
97 can expect a trailing IPv4 address. This is valid if either there has
98 been no double-colon and this is the 7th component (with the IPv4 address
99 being the 7th & 8th components), OR if there has been a double-colon
100 and fewer than 6 components. */
102 if (Ustrchr(s, ':') == NULL && Ustrchr(s, '.') != NULL)
104 if ((!had_double_colon && count != 6) ||
105 (had_double_colon && count > 6)) return 0;
111 /* Check for at least one and not more than 4 hex digits for this
114 if (!isxdigit(*s++)) return 0;
115 if (isxdigit(*s) && isxdigit(*(++s)) && isxdigit(*(++s))) s++;
117 /* If the component is terminated by colon and there is more to
118 follow, skip over the colon. If there is no more to follow the address is
121 if (*s == ':' && *(++s) == 0) return 0;
124 /* If about to handle a trailing IPv4 address, drop through. Otherwise
125 all is well if we are at the end of the string or at the mask or at a percent
126 sign, which introduces the interface specifier (scope id) of a link local
130 return (*s == 0 || *s == '%' ||
131 (*s == '/' && maskptr != NULL && *maskptr != 0))? yield : 0;
134 /* Test for IPv4 address, which may be the tail-end of an IPv6 address. */
136 for (i = 0; i < 4; i++)
141 if (i != 0 && *s++ != '.') return 0;
142 n = strtol(CCS s, CSS &end, 10);
143 if (n > 255 || n < 0 || end <= s || end > s+3) return 0;
147 return !*s || (*s == '/' && maskptr && *maskptr != 0) ? yield : 0;
149 #endif /* COMPILE_UTILITY */
152 /*************************************************
153 * Format message size *
154 *************************************************/
156 /* Convert a message size in bytes to printing form, rounding
157 according to the magnitude of the number. A value of zero causes
158 a string of spaces to be returned.
161 size the message size in bytes
162 buffer where to put the answer
164 Returns: pointer to the buffer
165 a string of exactly 5 characters is normally returned
169 string_format_size(int size, uschar *buffer)
171 if (size == 0) Ustrcpy(buffer, " ");
172 else if (size < 1024) sprintf(CS buffer, "%5d", size);
173 else if (size < 10*1024)
174 sprintf(CS buffer, "%4.1fK", (double)size / 1024.0);
175 else if (size < 1024*1024)
176 sprintf(CS buffer, "%4dK", (size + 512)/1024);
177 else if (size < 10*1024*1024)
178 sprintf(CS buffer, "%4.1fM", (double)size / (1024.0 * 1024.0));
180 sprintf(CS buffer, "%4dM", (size + 512 * 1024)/(1024*1024));
186 #ifndef COMPILE_UTILITY
187 /*************************************************
188 * Convert a number to base 62 format *
189 *************************************************/
191 /* Convert a long integer into an ASCII base 62 string. For Cygwin the value of
192 BASE_62 is actually 36. Always return exactly 6 characters plus zero, in a
195 Argument: a long integer
196 Returns: pointer to base 62 string
200 string_base62(unsigned long int value)
202 static uschar yield[7];
203 uschar *p = yield + sizeof(yield) - 1;
207 *(--p) = base62_chars[value % BASE_62];
212 #endif /* COMPILE_UTILITY */
216 /*************************************************
217 * Interpret escape sequence *
218 *************************************************/
220 /* This function is called from several places where escape sequences are to be
221 interpreted in strings.
224 pp points a pointer to the initiating "\" in the string;
225 the pointer gets updated to point to the final character
226 Returns: the value of the character escape
230 string_interpret_escape(const uschar **pp)
232 #ifdef COMPILE_UTILITY
233 const uschar *hex_digits= CUS"0123456789abcdef";
236 const uschar *p = *pp;
238 if (isdigit(ch) && ch != '8' && ch != '9')
241 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
243 ch = ch * 8 + *(++p) - '0';
244 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
245 ch = ch * 8 + *(++p) - '0';
250 case 'b': ch = '\b'; break;
251 case 'f': ch = '\f'; break;
252 case 'n': ch = '\n'; break;
253 case 'r': ch = '\r'; break;
254 case 't': ch = '\t'; break;
255 case 'v': ch = '\v'; break;
261 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
262 if (isxdigit(p[1])) ch = ch * 16 +
263 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
273 #ifndef COMPILE_UTILITY
274 /*************************************************
275 * Ensure string is printable *
276 *************************************************/
278 /* This function is called for critical strings. It checks for any
279 non-printing characters, and if any are found, it makes a new copy
280 of the string with suitable escape sequences. It is most often called by the
281 macro string_printing(), which sets allow_tab TRUE.
285 allow_tab TRUE to allow tab as a printing character
287 Returns: string with non-printers encoded as printing sequences
291 string_printing2(const uschar *s, BOOL allow_tab)
293 int nonprintcount = 0;
301 if (!mac_isprint(c) || (!allow_tab && c == '\t')) nonprintcount++;
305 if (nonprintcount == 0) return s;
307 /* Get a new block of store guaranteed big enough to hold the
310 ss = store_get(length + nonprintcount * 3 + 1);
312 /* Copy everything, escaping non printers. */
320 if (mac_isprint(c) && (allow_tab || c != '\t')) *tt++ = *t++; else
325 case '\n': *tt++ = 'n'; break;
326 case '\r': *tt++ = 'r'; break;
327 case '\b': *tt++ = 'b'; break;
328 case '\v': *tt++ = 'v'; break;
329 case '\f': *tt++ = 'f'; break;
330 case '\t': *tt++ = 't'; break;
331 default: sprintf(CS tt, "%03o", *t); tt += 3; break;
339 #endif /* COMPILE_UTILITY */
341 /*************************************************
342 * Undo printing escapes in string *
343 *************************************************/
345 /* This function is the reverse of string_printing2. It searches for
346 backslash characters and if any are found, it makes a new copy of the
347 string with escape sequences parsed. Otherwise it returns the original
353 Returns: string with printing escapes parsed back
357 string_unprinting(uschar *s)
359 uschar *p, *q, *r, *ss;
362 p = Ustrchr(s, '\\');
365 len = Ustrlen(s) + 1;
380 *q++ = string_interpret_escape((const uschar **)&p);
385 r = Ustrchr(p, '\\');
411 /*************************************************
412 * Copy and save string *
413 *************************************************/
415 /* This function assumes that memcpy() is faster than strcpy().
417 Argument: string to copy
418 Returns: copy of string in new store
422 string_copy(const uschar *s)
424 int len = Ustrlen(s) + 1;
425 uschar *ss = store_get(len);
432 /*************************************************
433 * Copy and save string in malloc'd store *
434 *************************************************/
436 /* This function assumes that memcpy() is faster than strcpy().
438 Argument: string to copy
439 Returns: copy of string in new store
443 string_copy_malloc(const uschar *s)
445 int len = Ustrlen(s) + 1;
446 uschar *ss = store_malloc(len);
453 /*************************************************
454 * Copy, lowercase and save string *
455 *************************************************/
458 Argument: string to copy
459 Returns: copy of string in new store, with letters lowercased
463 string_copylc(const uschar *s)
465 uschar *ss = store_get(Ustrlen(s) + 1);
467 while (*s != 0) *p++ = tolower(*s++);
474 /*************************************************
475 * Copy and save string, given length *
476 *************************************************/
478 /* It is assumed the data contains no zeros. A zero is added
483 n number of characters
485 Returns: copy of string in new store
489 string_copyn(const uschar *s, int n)
491 uschar *ss = store_get(n + 1);
498 /*************************************************
499 * Copy, lowercase, and save string, given length *
500 *************************************************/
502 /* It is assumed the data contains no zeros. A zero is added
507 n number of characters
509 Returns: copy of string in new store, with letters lowercased
513 string_copynlc(uschar *s, int n)
515 uschar *ss = store_get(n + 1);
517 while (n-- > 0) *p++ = tolower(*s++);
524 /*************************************************
525 * Copy string if long, inserting newlines *
526 *************************************************/
528 /* If the given string is longer than 75 characters, it is copied, and within
529 the copy, certain space characters are converted into newlines.
531 Argument: pointer to the string
532 Returns: pointer to the possibly altered string
536 string_split_message(uschar *msg)
540 if (msg == NULL || Ustrlen(msg) <= 75) return msg;
541 s = ss = msg = string_copy(msg);
546 while (i < 75 && *ss != 0 && *ss != '\n') ss++, i++;
558 if (t[-1] == ':') { tt = t; break; }
559 if (tt == NULL) tt = t;
563 if (tt == NULL) /* Can't split behind - try ahead */
568 if (*t == ' ' || *t == '\n')
574 if (tt == NULL) break; /* Can't find anywhere to split */
585 /*************************************************
586 * Copy returned DNS domain name, de-escaping *
587 *************************************************/
589 /* If a domain name contains top-bit characters, some resolvers return
590 the fully qualified name with those characters turned into escapes. The
591 convention is a backslash followed by _decimal_ digits. We convert these
592 back into the original binary values. This will be relevant when
593 allow_utf8_domains is set true and UTF-8 characters are used in domain
594 names. Backslash can also be used to escape other characters, though we
595 shouldn't come across them in domain names.
597 Argument: the domain name string
598 Returns: copy of string in new store, de-escaped
602 string_copy_dnsdomain(uschar *s)
605 uschar *ss = yield = store_get(Ustrlen(s) + 1);
613 else if (isdigit(s[1]))
615 *ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0';
618 else if (*(++s) != 0)
629 #ifndef COMPILE_UTILITY
630 /*************************************************
631 * Copy space-terminated or quoted string *
632 *************************************************/
634 /* This function copies from a string until its end, or until whitespace is
635 encountered, unless the string begins with a double quote, in which case the
636 terminating quote is sought, and escaping within the string is done. The length
637 of a de-quoted string can be no longer than the original, since escaping always
638 turns n characters into 1 character.
640 Argument: pointer to the pointer to the first character, which gets updated
641 Returns: the new string
645 string_dequote(const uschar **sptr)
647 const uschar *s = *sptr;
650 /* First find the end of the string */
654 while (*s != 0 && !isspace(*s)) s++;
659 while (*s != 0 && *s != '\"')
661 if (*s == '\\') (void)string_interpret_escape(&s);
667 /* Get enough store to copy into */
669 t = yield = store_get(s - *sptr + 1);
676 while (*s != 0 && !isspace(*s)) *t++ = *s++;
681 while (*s != 0 && *s != '\"')
683 if (*s == '\\') *t++ = string_interpret_escape(&s);
690 /* Update the pointer and return the terminated copy */
696 #endif /* COMPILE_UTILITY */
700 /*************************************************
701 * Format a string and save it *
702 *************************************************/
704 /* The formatting is done by string_format, which checks the length of
708 format a printf() format - deliberately char * rather than uschar *
709 because it will most usually be a literal string
710 ... arguments for format
712 Returns: pointer to fresh piece of store containing sprintf'ed string
716 string_sprintf(const char *format, ...)
719 uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
720 va_start(ap, format);
721 if (!string_vformat(buffer, sizeof(buffer), format, ap))
722 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
723 "string_sprintf expansion was longer than " SIZE_T_FMT
724 "; format string was (%s)\nexpansion started '%.32s'",
725 sizeof(buffer), format, buffer);
727 return string_copy(buffer);
732 /*************************************************
733 * Case-independent strncmp() function *
734 *************************************************/
740 n number of characters to compare
742 Returns: < 0, = 0, or > 0, according to the comparison
746 strncmpic(const uschar *s, const uschar *t, int n)
750 int c = tolower(*s++) - tolower(*t++);
757 /*************************************************
758 * Case-independent strcmp() function *
759 *************************************************/
766 Returns: < 0, = 0, or > 0, according to the comparison
770 strcmpic(const uschar *s, const uschar *t)
774 int c = tolower(*s++) - tolower(*t++);
775 if (c != 0) return c;
781 /*************************************************
782 * Case-independent strstr() function *
783 *************************************************/
785 /* The third argument specifies whether whitespace is required
786 to follow the matched string.
790 t substring to search for
791 space_follows if TRUE, match only if whitespace follows
793 Returns: pointer to substring in string, or NULL if not found
797 strstric(uschar *s, uschar *t, BOOL space_follows)
800 uschar *yield = NULL;
801 int cl = tolower(*p);
802 int cu = toupper(*p);
806 if (*s == cl || *s == cu)
808 if (yield == NULL) yield = s;
811 if (!space_follows || s[1] == ' ' || s[1] == '\n' ) return yield;
819 else if (yield != NULL)
833 #ifndef COMPILE_UTILITY
834 /*************************************************
835 * Get next string from separated list *
836 *************************************************/
838 /* Leading and trailing space is removed from each item. The separator in the
839 list is controlled by the int pointed to by the separator argument as follows:
841 If the value is > 0 it is used as the separator. This is typically used for
842 sublists such as slash-separated options. The value is always a printing
845 (If the value is actually > UCHAR_MAX there is only one item in the list.
846 This is used for some cases when called via functions that sometimes
847 plough through lists, and sometimes are given single items.)
849 If the value is <= 0, the string is inspected for a leading <x, where x is an
850 ispunct() or an iscntrl() character. If found, x is used as the separator. If
853 (a) if separator == 0, ':' is used
854 (b) if separator <0, -separator is used
856 In all cases the value of the separator that is used is written back to the
857 int so that it is used on subsequent calls as we progress through the list.
859 A literal ispunct() separator can be represented in an item by doubling, but
860 there is no way to include an iscntrl() separator as part of the data.
863 listptr points to a pointer to the current start of the list; the
864 pointer gets updated to point after the end of the next item
865 separator a pointer to the separator character in an int (see above)
866 buffer where to put a copy of the next string in the list; or
867 NULL if the next string is returned in new memory
868 buflen when buffer is not NULL, the size of buffer; otherwise ignored
870 Returns: pointer to buffer, containing the next substring,
871 or NULL if no more substrings
875 string_nextinlist(const uschar **listptr, int *separator, uschar *buffer, int buflen)
877 int sep = *separator;
878 const uschar *s = *listptr;
881 if (s == NULL) return NULL;
883 /* This allows for a fixed specified separator to be an iscntrl() character,
884 but at the time of implementation, this is never the case. However, it's best
885 to be conservative. */
887 while (isspace(*s) && *s != sep) s++;
889 /* A change of separator is permitted, so look for a leading '<' followed by an
890 allowed character. */
894 if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1])))
898 while (isspace(*s) && *s != sep) s++;
902 sep = (sep == 0)? ':' : -sep;
907 /* An empty string has no list elements */
909 if (*s == 0) return NULL;
911 /* Note whether whether or not the separator is an iscntrl() character. */
913 sep_is_special = iscntrl(sep);
915 /* Handle the case when a buffer is provided. */
922 if (*s == sep && (*(++s) != sep || sep_is_special)) break;
923 if (p < buflen - 1) buffer[p++] = *s;
925 while (p > 0 && isspace(buffer[p-1])) p--;
929 /* Handle the case when a buffer is not provided. */
936 /* We know that *s != 0 at this point. However, it might be pointing to a
937 separator, which could indicate an empty string, or (if an ispunct()
938 character) could be doubled to indicate a separator character as data at the
939 start of a string. Avoid getting working memory for an empty item. */
944 if (*s != sep || sep_is_special)
947 return string_copy(US"");
951 /* Not an empty string; the first character is guaranteed to be a data
956 for (ss = s + 1; *ss != 0 && *ss != sep; ss++) ;
957 g = string_catn(g, s, ss-s);
959 if (*s == 0 || *(++s) != sep || sep_is_special) break;
961 while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--;
962 buffer = string_from_gstring(g);
965 /* Update the current pointer and return the new string */
972 static const uschar *
973 Ustrnchr(const uschar * s, int c, unsigned * len)
978 if (!*s) return NULL;
991 /************************************************
992 * Add element to separated list *
993 ************************************************/
994 /* This function is used to build a list, returning an allocated null-terminated
995 growable string. The given element has any embedded separator characters
998 Despite having the same growable-string interface as string_cat() the list is
999 always returned null-terminated.
1002 list expanding-string for the list that is being built, or NULL
1003 if this is a new list that has no contents yet
1004 sep list separator character
1005 ele new element to be appended to the list
1007 Returns: pointer to the start of the list, changed if copied for expansion.
1011 string_append_listele(gstring * list, uschar sep, const uschar * ele)
1015 if (list && list->ptr)
1016 list = string_catn(list, &sep, 1);
1018 while((sp = Ustrchr(ele, sep)))
1020 list = string_catn(list, ele, sp-ele+1);
1021 list = string_catn(list, &sep, 1);
1024 list = string_cat(list, ele);
1025 (void) string_from_gstring(list);
1031 string_append_listele_n(gstring * list, uschar sep, const uschar * ele,
1036 if (list && list->ptr)
1037 list = string_catn(list, &sep, 1);
1039 while((sp = Ustrnchr(ele, sep, &len)))
1041 list = string_catn(list, ele, sp-ele+1);
1042 list = string_catn(list, &sep, 1);
1046 list = string_catn(list, ele, len);
1047 (void) string_from_gstring(list);
1053 /************************************************/
1054 /* Create a growable-string with some preassigned space */
1057 string_get(unsigned size)
1059 gstring * g = store_get(sizeof(gstring) + size);
1066 /* NUL-terminate the C string in the growable-string, and return it. */
1069 string_from_gstring(gstring * g)
1071 if (!g) return NULL;
1072 g->s[g->ptr] = '\0';
1076 /*************************************************
1077 * Add chars to string *
1078 *************************************************/
1081 g the grawable-string
1082 p current end of data
1083 count amount to grow by
1087 gstring_grow(gstring * g, int p, int count)
1089 int oldsize = g->size;
1091 /* Mostly, string_cat() is used to build small strings of a few hundred
1092 characters at most. There are times, however, when the strings are very much
1093 longer (for example, a lookup that returns a vast number of alias addresses).
1094 To try to keep things reasonable, we use increments whose size depends on the
1095 existing length of the string. */
1097 unsigned inc = oldsize < 4096 ? 127 : 1023;
1098 g->size = ((p + count + inc) & ~inc) + 1;
1100 /* Try to extend an existing allocation. If the result of calling
1101 store_extend() is false, either there isn't room in the current memory block,
1102 or this string is not the top item on the dynamic store stack. We then have
1103 to get a new chunk of store and copy the old string. When building large
1104 strings, it is helpful to call store_release() on the old string, to release
1105 memory blocks that have become empty. (The block will be freed if the string
1106 is at its start.) However, we can do this only if we know that the old string
1107 was the last item on the dynamic memory stack. This is the case if it matches
1110 if (!store_extend(g->s, oldsize, g->size))
1111 g->s = store_newblock(g->s, g->size, p);
1116 /* This function is used when building up strings of unknown length. Room is
1117 always left for a terminating zero to be added to the string that is being
1118 built. This function does not require the string that is being added to be NUL
1119 terminated, because the number of characters to add is given explicitly. It is
1120 sometimes called to extract parts of other strings.
1123 string points to the start of the string that is being built, or NULL
1124 if this is a new string that has no contents yet
1125 s points to characters to add
1126 count count of characters to add; must not exceed the length of s, if s
1129 Returns: pointer to the start of the string, changed if copied for expansion.
1130 Note that a NUL is not added, though space is left for one. This is
1131 because string_cat() is often called multiple times to build up a
1132 string - there's no point adding the NUL till the end.
1135 /* coverity[+alloc] */
1138 string_catn(gstring * g, const uschar *s, int count)
1144 unsigned inc = count < 4096 ? 127 : 1023;
1145 unsigned size = ((count + inc) & ~inc) + 1;
1146 g = string_get(size);
1150 if (p + count >= g->size)
1151 gstring_grow(g, p, count);
1153 /* Because we always specify the exact number of characters to copy, we can
1154 use memcpy(), which is likely to be more efficient than strncopy() because the
1155 latter has to check for zero bytes. */
1157 memcpy(g->s + p, s, count);
1164 string_cat(gstring *string, const uschar *s)
1166 return string_catn(string, s, Ustrlen(s));
1171 /*************************************************
1172 * Append strings to another string *
1173 *************************************************/
1175 /* This function can be used to build a string from many other strings.
1176 It calls string_cat() to do the dirty work.
1179 string expanding-string that is being built, or NULL
1180 if this is a new string that has no contents yet
1181 count the number of strings to append
1182 ... "count" uschar* arguments, which must be valid zero-terminated
1185 Returns: pointer to the start of the string, changed if copied for expansion.
1186 The string is not zero-terminated - see string_cat() above.
1189 __inline__ gstring *
1190 string_append(gstring *string, int count, ...)
1194 va_start(ap, count);
1197 uschar *t = va_arg(ap, uschar *);
1198 string = string_cat(string, t);
1208 /*************************************************
1209 * Format a string with length checks *
1210 *************************************************/
1212 /* This function is used to format a string with checking of the length of the
1213 output for all conversions. It protects Exim from absent-mindedness when
1214 calling functions like debug_printf and string_sprintf, and elsewhere. There
1215 are two different entry points to what is actually the same function, depending
1216 on whether the variable length list of data arguments are given explicitly or
1219 The formats are the usual printf() ones, with some omissions (never used) and
1220 three additions for strings: %S forces lower case, %T forces upper case, and
1221 %#s or %#S prints nothing for a NULL string. Without the # "NULL" is printed
1222 (useful in debugging). There is also the addition of %D and %M, which insert
1223 the date in the form used for datestamped log files.
1226 buffer a buffer in which to put the formatted string
1227 buflen the length of the buffer
1228 format the format string - deliberately char * and not uschar *
1229 ... or ap variable list of supplementary arguments
1231 Returns: TRUE if the result fitted in the buffer
1235 string_format(uschar *buffer, int buflen, const char *format, ...)
1239 va_start(ap, format);
1240 yield = string_vformat(buffer, buflen, format, ap);
1247 string_vformat(uschar *buffer, int buflen, const char *format, va_list ap)
1249 /* We assume numbered ascending order, C does not guarantee that */
1250 enum { L_NORMAL=1, L_SHORT=2, L_LONG=3, L_LONGLONG=4, L_LONGDOUBLE=5, L_SIZE=6 };
1253 int width, precision;
1254 const char *fp = format; /* Deliberately not unsigned */
1256 uschar *last = buffer + buflen - 1;
1258 string_datestamp_offset = -1; /* Datestamp not inserted */
1259 string_datestamp_length = 0; /* Datestamp not inserted */
1260 string_datestamp_type = 0; /* Datestamp not inserted */
1262 /* Scan the format and handle the insertions */
1266 int length = L_NORMAL;
1269 const char *null = "NULL"; /* ) These variables */
1270 const char *item_start, *s; /* ) are deliberately */
1271 char newformat[16]; /* ) not unsigned */
1273 /* Non-% characters just get copied verbatim */
1277 if (p >= last) { yield = FALSE; break; }
1278 *p++ = (uschar)*fp++;
1282 /* Deal with % characters. Pick off the width and precision, for checking
1283 strings, skipping over the flag and modifier characters. */
1286 width = precision = -1;
1288 if (strchr("-+ #0", *(++fp)) != NULL)
1290 if (*fp == '#') null = "";
1294 if (isdigit((uschar)*fp))
1296 width = *fp++ - '0';
1297 while (isdigit((uschar)*fp)) width = width * 10 + *fp++ - '0';
1299 else if (*fp == '*')
1301 width = va_arg(ap, int);
1309 precision = va_arg(ap, int);
1315 while (isdigit((uschar)*fp))
1316 precision = precision*10 + *fp++ - '0';
1320 /* Skip over 'h', 'L', 'l', 'll' and 'z', remembering the item length */
1323 { fp++; length = L_SHORT; }
1324 else if (*fp == 'L')
1325 { fp++; length = L_LONGDOUBLE; }
1326 else if (*fp == 'l')
1331 length = L_LONGLONG;
1339 else if (*fp == 'z')
1340 { fp++; length = L_SIZE; }
1342 /* Handle each specific format type. */
1347 nptr = va_arg(ap, int *);
1356 if (p >= last - ((length > L_LONG)? 24 : 12))
1357 { yield = FALSE; goto END_FORMAT; }
1358 strncpy(newformat, item_start, fp - item_start);
1359 newformat[fp - item_start] = 0;
1361 /* Short int is promoted to int when passing through ..., so we must use
1362 int for va_arg(). */
1367 case L_NORMAL: p += sprintf(CS p, newformat, va_arg(ap, int)); break;
1368 case L_LONG: p += sprintf(CS p, newformat, va_arg(ap, long int)); break;
1369 case L_LONGLONG: p += sprintf(CS p, newformat, va_arg(ap, LONGLONG_T)); break;
1370 case L_SIZE: p += sprintf(CS p, newformat, va_arg(ap, size_t)); break;
1377 if (p >= last - 24) { yield = FALSE; goto END_FORMAT; }
1378 /* sprintf() saying "(nil)" for a null pointer seems unreliable.
1379 Handle it explicitly. */
1380 if ((ptr = va_arg(ap, void *)))
1382 strncpy(newformat, item_start, fp - item_start);
1383 newformat[fp - item_start] = 0;
1384 p += sprintf(CS p, newformat, ptr);
1387 p += sprintf(CS p, "(nil)");
1391 /* %f format is inherently insecure if the numbers that it may be
1392 handed are unknown (e.g. 1e300). However, in Exim, %f is used for
1393 printing load averages, and these are actually stored as integers
1394 (load average * 1000) so the size of the numbers is constrained.
1395 It is also used for formatting sending rates, where the simplicity
1396 of the format prevents overflow. */
1403 if (precision < 0) precision = 6;
1404 if (p >= last - precision - 8) { yield = FALSE; goto END_FORMAT; }
1405 strncpy(newformat, item_start, fp - item_start);
1406 newformat[fp-item_start] = 0;
1407 if (length == L_LONGDOUBLE)
1408 p += sprintf(CS p, newformat, va_arg(ap, long double));
1410 p += sprintf(CS p, newformat, va_arg(ap, double));
1416 if (p >= last) { yield = FALSE; goto END_FORMAT; }
1421 if (p >= last) { yield = FALSE; goto END_FORMAT; }
1422 *p++ = va_arg(ap, int);
1425 case 'D': /* Insert daily datestamp for log file names */
1426 s = CS tod_stamp(tod_log_datestamp_daily);
1427 string_datestamp_offset = p - buffer; /* Passed back via global */
1428 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1429 string_datestamp_type = tod_log_datestamp_daily;
1430 slen = string_datestamp_length;
1433 case 'M': /* Insert monthly datestamp for log file names */
1434 s = CS tod_stamp(tod_log_datestamp_monthly);
1435 string_datestamp_offset = p - buffer; /* Passed back via global */
1436 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1437 string_datestamp_type = tod_log_datestamp_monthly;
1438 slen = string_datestamp_length;
1442 case 'S': /* Forces *lower* case */
1443 case 'T': /* Forces *upper* case */
1444 s = va_arg(ap, char *);
1446 if (s == NULL) s = null;
1449 INSERT_STRING: /* Come to from %D or %M above */
1451 /* If the width is specified, check that there is a precision
1452 set; if not, set it to the width to prevent overruns of long
1457 if (precision < 0) precision = width;
1460 /* If a width is not specified and the precision is specified, set
1461 the width to the precision, or the string length if shorted. */
1463 else if (precision >= 0)
1465 width = (precision < slen)? precision : slen;
1468 /* If neither are specified, set them both to the string length. */
1470 else width = precision = slen;
1472 /* Check string space, and add the string to the buffer if ok. If
1473 not OK, add part of the string (debugging uses this to show as
1474 much as possible). */
1481 if (p >= last - width)
1484 width = precision = last - p - 1;
1485 if (width < 0) width = 0;
1486 if (precision < 0) precision = 0;
1488 sprintf(CS p, "%*.*s", width, precision, s);
1490 while (*p) { *p = tolower(*p); p++; }
1491 else if (fp[-1] == 'T')
1492 while (*p) { *p = toupper(*p); p++; }
1495 if (!yield) goto END_FORMAT;
1498 /* Some things are never used in Exim; also catches junk. */
1501 strncpy(newformat, item_start, fp - item_start);
1502 newformat[fp-item_start] = 0;
1503 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "string_format: unsupported type "
1504 "in \"%s\" in \"%s\"", newformat, format);
1509 /* Ensure string is complete; return TRUE if got to the end of the format */
1519 #ifndef COMPILE_UTILITY
1520 /*************************************************
1521 * Generate an "open failed" message *
1522 *************************************************/
1524 /* This function creates a message after failure to open a file. It includes a
1525 string supplied as data, adds the strerror() text, and if the failure was
1526 "Permission denied", reads and includes the euid and egid.
1529 eno the value of errno after the failure
1530 format a text format string - deliberately not uschar *
1531 ... arguments for the format string
1533 Returns: a message, in dynamic store
1537 string_open_failed(int eno, const char *format, ...)
1540 uschar buffer[1024];
1542 Ustrcpy(buffer, "failed to open ");
1543 va_start(ap, format);
1545 /* Use the checked formatting routine to ensure that the buffer
1546 does not overflow. It should not, since this is called only for internally
1547 specified messages. If it does, the message just gets truncated, and there
1548 doesn't seem much we can do about that. */
1550 (void)string_vformat(buffer+15, sizeof(buffer) - 15, format, ap);
1553 return (eno == EACCES)?
1554 string_sprintf("%s: %s (euid=%ld egid=%ld)", buffer, strerror(eno),
1555 (long int)geteuid(), (long int)getegid()) :
1556 string_sprintf("%s: %s", buffer, strerror(eno));
1558 #endif /* COMPILE_UTILITY */
1564 #ifndef COMPILE_UTILITY
1565 /* qsort(3), currently used to sort the environment variables
1566 for -bP environment output, needs a function to compare two pointers to string
1567 pointers. Here it is. */
1570 string_compare_by_pointer(const void *a, const void *b)
1572 return Ustrcmp(* CUSS a, * CUSS b);
1574 #endif /* COMPILE_UTILITY */
1578 /*************************************************
1579 **************************************************
1580 * Stand-alone test program *
1581 **************************************************
1582 *************************************************/
1589 printf("Testing is_ip_address\n");
1591 while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1594 buffer[Ustrlen(buffer) - 1] = 0;
1595 printf("%d\n", string_is_ip_address(buffer, NULL));
1596 printf("%d %d %s\n", string_is_ip_address(buffer, &offset), offset, buffer);
1599 printf("Testing string_nextinlist\n");
1601 while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1603 uschar *list = buffer;
1611 sep1 = sep2 = list[1];
1618 uschar *item1 = string_nextinlist(&lp1, &sep1, item, sizeof(item));
1619 uschar *item2 = string_nextinlist(&lp2, &sep2, NULL, 0);
1621 if (item1 == NULL && item2 == NULL) break;
1622 if (item == NULL || item2 == NULL || Ustrcmp(item1, item2) != 0)
1624 printf("***ERROR\nitem1=\"%s\"\nitem2=\"%s\"\n",
1625 (item1 == NULL)? "NULL" : CS item1,
1626 (item2 == NULL)? "NULL" : CS item2);
1629 else printf(" \"%s\"\n", CS item1);
1633 /* This is a horrible lash-up, but it serves its purpose. */
1635 printf("Testing string_format\n");
1637 while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1640 long long llargs[3];
1650 buffer[Ustrlen(buffer) - 1] = 0;
1652 s = Ustrchr(buffer, ',');
1653 if (s == NULL) s = buffer + Ustrlen(buffer);
1655 Ustrncpy(format, buffer, s - buffer);
1656 format[s-buffer] = 0;
1663 s = Ustrchr(ss, ',');
1664 if (s == NULL) s = ss + Ustrlen(ss);
1668 Ustrncpy(outbuf, ss, s-ss);
1669 if (Ustrchr(outbuf, '.') != NULL)
1672 dargs[n++] = Ustrtod(outbuf, NULL);
1674 else if (Ustrstr(outbuf, "ll") != NULL)
1677 llargs[n++] = strtoull(CS outbuf, NULL, 10);
1681 args[n++] = (void *)Uatoi(outbuf);
1685 else if (Ustrcmp(ss, "*") == 0)
1687 args[n++] = (void *)(&count);
1693 uschar *sss = malloc(s - ss + 1);
1694 Ustrncpy(sss, ss, s-ss);
1701 if (!dflag && !llflag)
1702 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1703 args[0], args[1], args[2])? "True" : "False");
1706 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1707 dargs[0], dargs[1], dargs[2])? "True" : "False");
1709 else printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1710 llargs[0], llargs[1], llargs[2])? "True" : "False");
1712 printf("%s\n", CS outbuf);
1713 if (countset) printf("count=%d\n", count);
1720 /* End of string.c */