*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 */
+/* Copyright (c) The Exim Maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */
/* Miscellaneous string-handling functions. Some are not required for
/* This function is called for critical strings. It checks for any
non-printing characters, and if any are found, it makes a new copy
of the string with suitable escape sequences. It is most often called by the
-macro string_printing(), which sets allow_tab TRUE.
+macro string_printing(), which sets flags to 0.
Arguments:
s the input string
- allow_tab TRUE to allow tab as a printing character
+ flags Bit 0: convert tabs. Bit 1: convert spaces.
Returns: string with non-printers encoded as printing sequences
*/
const uschar *
-string_printing2(const uschar *s, BOOL allow_tab)
+string_printing2(const uschar *s, int flags)
{
int nonprintcount = 0;
int length = 0;
const uschar *t = s;
uschar *ss, *tt;
-while (*t != 0)
+while (*t)
{
int c = *t++;
- if (!mac_isprint(c) || (!allow_tab && c == '\t')) nonprintcount++;
+ if ( !mac_isprint(c)
+ || flags & SP_TAB && c == '\t'
+ || flags & SP_SPACE && c == ' '
+ ) nonprintcount++;
length++;
}
/* Get a new block of store guaranteed big enough to hold the
expanded string. */
-ss = store_get(length + nonprintcount * 3 + 1, is_tainted(s));
+tt = ss = store_get(length + nonprintcount * 3 + 1, s);
/* Copy everything, escaping non printers. */
-t = s;
-tt = ss;
-
-while (*t != 0)
+for (t = s; *t; )
{
int c = *t;
- if (mac_isprint(c) && (allow_tab || c != '\t')) *tt++ = *t++; else
+ if ( mac_isprint(c)
+ && (!(flags & SP_TAB) || c != '\t')
+ && (!(flags & SP_SPACE) || c != ' ')
+ )
+ *tt++ = *t++;
+ else
{
*tt++ = '\\';
switch (*t)
if (!p) return s;
len = Ustrlen(s) + 1;
-ss = store_get(len, is_tainted(s));
+ss = store_get(len, s);
q = ss;
off = p - s;
*/
uschar *
-string_copy_function(const uschar *s)
+string_copy_function(const uschar * s)
{
-return string_copy_taint(s, is_tainted(s));
+return string_copy_taint(s, s);
}
-/* This function assumes that memcpy() is faster than strcpy().
-As above, but explicitly specifying the result taint status
+/* As above, but explicitly specifying the result taint status
*/
uschar *
-string_copy_taint_function(const uschar * s, BOOL tainted)
+string_copy_taint_function(const uschar * s, const void * proto_mem)
{
-int len = Ustrlen(s) + 1;
-uschar *ss = store_get(len, tainted);
-memcpy(ss, s, len);
-return ss;
+return string_copy_taint(s, proto_mem);
}
*/
uschar *
-string_copyn_function(const uschar *s, int n)
+string_copyn_function(const uschar * s, int n)
{
-uschar *ss = store_get(n + 1, is_tainted(s));
-Ustrncpy(ss, s, n);
-ss[n] = 0;
-return ss;
+return string_copyn(s, n);
}
#endif
*/
uschar *
-string_copy_malloc(const uschar *s)
+string_copy_malloc(const uschar * s)
{
int len = Ustrlen(s) + 1;
-uschar *ss = store_malloc(len);
+uschar * ss = store_malloc(len);
memcpy(ss, s, len);
return ss;
}
*/
uschar *
-string_split_message(uschar *msg)
+string_split_message(uschar * msg)
{
uschar *s, *ss;
-if (msg == NULL || Ustrlen(msg) <= 75) return msg;
+if (!msg || Ustrlen(msg) <= 75) return msg;
s = ss = msg = string_copy(msg);
for (;;)
{
int i = 0;
- while (i < 75 && *ss != 0 && *ss != '\n') ss++, i++;
- if (*ss == 0) break;
+ while (i < 75 && *ss && *ss != '\n') ss++, i++;
+ if (!*ss) break;
if (*ss == '\n')
s = ++ss;
else
{
- uschar *t = ss + 1;
- uschar *tt = NULL;
+ uschar * t = ss + 1;
+ uschar * tt = NULL;
while (--t > s + 35)
{
if (*t == ' ')
{
if (t[-1] == ':') { tt = t; break; }
- if (tt == NULL) tt = t;
+ if (!tt) tt = t;
}
}
- if (tt == NULL) /* Can't split behind - try ahead */
+ if (!tt) /* Can't split behind - try ahead */
{
t = ss + 1;
- while (*t != 0)
+ while (*t)
{
if (*t == ' ' || *t == '\n')
{ tt = t; break; }
}
}
- if (tt == NULL) break; /* Can't find anywhere to split */
+ if (!tt) break; /* Can't find anywhere to split */
*tt = '\n';
s = ss = tt+1;
}
*/
uschar *
-string_copy_dnsdomain(uschar *s)
+string_copy_dnsdomain(uschar * s)
{
-uschar *yield;
-uschar *ss = yield = store_get(Ustrlen(s) + 1, is_tainted(s));
+uschar * yield;
+uschar * ss = yield = store_get(Ustrlen(s) + 1, GET_TAINTED); /* always treat as tainted */
-while (*s != 0)
+while (*s)
{
if (*s != '\\')
*ss++ = *s++;
*ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0';
s += 4;
}
- else if (*(++s) != 0)
+ else if (*++s)
*ss++ = *s++;
}
*/
uschar *
-string_dequote(const uschar **sptr)
+string_dequote(const uschar ** sptr)
{
-const uschar *s = *sptr;
-uschar *t, *yield;
+const uschar * s = * sptr;
+uschar * t, * yield;
/* First find the end of the string */
if (*s != '\"')
- while (*s != 0 && !isspace(*s)) s++;
+ while (*s && !isspace(*s)) s++;
else
{
s++;
/* Get enough store to copy into */
-t = yield = store_get(s - *sptr + 1, is_tainted(*sptr));
+t = yield = store_get(s - *sptr + 1, *sptr);
s = *sptr;
/* Do the copy */
if (*s != '\"')
- while (*s != 0 && !isspace(*s)) *t++ = *s++;
+ while (*s && !isspace(*s)) *t++ = *s++;
else
{
s++;
- while (*s != 0 && *s != '\"')
+ while (*s && *s != '\"')
{
*t++ = *s == '\\' ? string_interpret_escape(&s) : *s;
s++;
Arguments:
format a printf() format - deliberately char * rather than uschar *
because it will most usually be a literal string
+ func caller, for debug
+ line caller, for debug
... arguments for format
Returns: pointer to fresh piece of store containing sprintf'ed string
*/
uschar *
-string_sprintf_trc(const char *format, const uschar * func, unsigned line, ...)
+string_sprintf_trc(const char * format, const uschar * func, unsigned line, ...)
{
#ifdef COMPILE_UTILITY
uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
*/
int
-strncmpic(const uschar *s, const uschar *t, int n)
+strncmpic(const uschar * s, const uschar * t, int n)
{
while (n--)
{
*/
int
-strcmpic(const uschar *s, const uschar *t)
+strcmpic(const uschar * s, const uschar * t)
{
-while (*s != 0)
+while (*s)
{
int c = tolower(*s++) - tolower(*t++);
if (c != 0) return c;
Returns: pointer to substring in string, or NULL if not found
*/
-uschar *
-strstric(uschar *s, uschar *t, BOOL space_follows)
+const uschar *
+strstric_c(const uschar * s, const uschar * t, BOOL space_follows)
{
-uschar *p = t;
-uschar *yield = NULL;
+const uschar * p = t;
+const uschar * yield = NULL;
int cl = tolower(*p);
int cu = toupper(*p);
{
if (*s == cl || *s == cu)
{
- if (yield == NULL) yield = s;
- if (*(++p) == 0)
+ if (!yield) yield = s;
+ if (!*++p)
{
if (!space_follows || s[1] == ' ' || s[1] == '\n' ) return yield;
yield = NULL;
cu = toupper(*p);
s++;
}
- else if (yield != NULL)
+ else if (yield)
{
yield = NULL;
p = t;
return NULL;
}
+uschar *
+strstric(uschar * s, uschar * t, BOOL space_follows)
+{
+return US strstric_c(s, t, space_follows);
+}
#ifdef COMPILE_UTILITY
separator a pointer to the separator character in an int (see above)
buffer where to put a copy of the next string in the list; or
NULL if the next string is returned in new memory
+ Note that if the list is tainted then a provided buffer must be
+ also (else we trap, with a message referencing the callsite).
+ If we do the allocation, taint is handled there.
buflen when buffer is not NULL, the size of buffer; otherwise ignored
+ func caller, for debug
+ line caller, for debug
+
Returns: pointer to buffer, containing the next substring,
or NULL if no more substrings
*/
uschar *
-string_nextinlist_trc(const uschar **listptr, int *separator, uschar *buffer, int buflen,
- const uschar * func, int line)
+string_nextinlist_trc(const uschar ** listptr, int * separator, uschar * buffer,
+ int buflen, const uschar * func, int line)
{
int sep = *separator;
-const uschar *s = *listptr;
+const uschar * s = *listptr;
BOOL sep_is_special;
if (!s) return NULL;
sep_is_special = iscntrl(sep);
/* Handle the case when a buffer is provided. */
+/*XXX need to also deal with qouted-requirements mismatch */
if (buffer)
{
start of a string. Avoid getting working memory for an empty item. */
if (*s == sep)
- {
- s++;
- if (*s != sep || sep_is_special)
+ if (*++s != sep || sep_is_special)
{
*listptr = s;
return string_copy(US"");
}
- }
/* Not an empty string; the first character is guaranteed to be a data
character. */
s = ss;
if (!*s || *++s != sep || sep_is_special) break;
}
- while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--;
+
+ /* Trim trailing spaces from the returned string */
+
+ /* while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--; */
+ while ( g->ptr > 0 && isspace(g->s[g->ptr-1])
+ && (g->ptr == 1 || g->s[g->ptr-2] != '\\') )
+ g->ptr--;
buffer = string_from_gstring(g);
- gstring_release_unused(g);
+ gstring_release_unused_trc(g, CCS func, line);
}
/* Update the current pointer and return the new string */
{
int p = g->ptr;
int oldsize = g->size;
-BOOL tainted = is_tainted(g->s);
/* Mostly, string_cat() is used to build small strings of a few hundred
characters at most. There are times, however, when the strings are very much
unsigned inc = oldsize < 4096 ? 127 : 1023;
+if (g->ptr < 0 || g->ptr > g->size || g->size >= INT_MAX/2)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "internal error in gstring_grow (ptr %d size %d)", g->ptr, g->size);
+
if (count <= 0) return;
+
+if (count >= INT_MAX/2 - g->ptr)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "internal error in gstring_grow (ptr %d count %d)", g->ptr, count);
+
g->size = (p + count + inc + 1) & ~inc; /* one for a NUL */
/* Try to extend an existing allocation. If the result of calling
was the last item on the dynamic memory stack. This is the case if it matches
store_last_get. */
-if (!store_extend(g->s, tainted, oldsize, g->size))
- g->s = store_newblock(g->s, tainted, g->size, p);
+if (!store_extend(g->s, oldsize, g->size))
+ g->s = store_newblock(g->s, g->size, p);
}
sometimes called to extract parts of other strings.
Arguments:
- string points to the start of the string that is being built, or NULL
- if this is a new string that has no contents yet
+ g growable-string that is being built, or NULL if not assigned yet
s points to characters to add
count count of characters to add; must not exceed the length of s, if s
is a C string.
-Returns: pointer to the start of the string, changed if copied for expansion.
+Returns: growable string, changed if copied for expansion.
Note that a NUL is not added, though space is left for one. This is
because string_cat() is often called multiple times to build up a
string - there's no point adding the NUL till the end.
+ NULL is a possible return.
*/
/* coverity[+alloc] */
gstring *
-string_catn(gstring * g, const uschar *s, int count)
+string_catn(gstring * g, const uschar * s, int count)
{
int p;
-BOOL srctaint = is_tainted(s);
+if (count < 0)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "internal error in string_catn (count %d)", count);
+if (count == 0) return g;
+
+/*debug_printf("string_catn '%.*s'\n", count, s);*/
if (!g)
{
unsigned inc = count < 4096 ? 127 : 1023;
- unsigned size = ((count + inc) & ~inc) + 1;
- g = string_get_tainted(size, srctaint);
+ unsigned size = ((count + inc) & ~inc) + 1; /* round up requested count */
+ g = string_get_tainted(size, s);
+ }
+else if (!g->s) /* should not happen */
+ {
+ g->s = string_copyn(s, count);
+ g->ptr = count;
+ g->size = count; /*XXX suboptimal*/
+ return g;
+ }
+else if (is_incompatible(g->s, s))
+ {
+/* debug_printf("rebuf A\n"); */
+ gstring_rebuffer(g, s);
}
-else if (srctaint && !is_tainted(g->s))
- gstring_rebuffer(g);
+
+if (g->ptr < 0 || g->ptr > g->size)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "internal error in string_catn (ptr %d size %d)", g->ptr, g->size);
p = g->ptr;
-if (p + count >= g->size)
+if (count >= g->size - p)
gstring_grow(g, count);
/* Because we always specify the exact number of characters to copy, we can
gstring *
-string_cat(gstring *string, const uschar *s)
+string_cat(gstring * g, const uschar * s)
{
-return string_catn(string, s, Ustrlen(s));
+return string_catn(g, s, Ustrlen(s));
}
It calls string_cat() to do the dirty work.
Arguments:
- string expanding-string that is being built, or NULL
- if this is a new string that has no contents yet
+ g growable-string that is being built, or NULL if not yet assigned
count the number of strings to append
... "count" uschar* arguments, which must be valid zero-terminated
C strings
-Returns: pointer to the start of the string, changed if copied for expansion.
+Returns: growable string, changed if copied for expansion.
The string is not zero-terminated - see string_cat() above.
*/
__inline__ gstring *
-string_append(gstring *string, int count, ...)
+string_append(gstring * g, int count, ...)
{
va_list ap;
va_start(ap, count);
while (count-- > 0)
{
- uschar *t = va_arg(ap, uschar *);
- string = string_cat(string, t);
+ uschar * t = va_arg(ap, uschar *);
+ g = string_cat(g, t);
}
va_end(ap);
-return string;
+return g;
}
#endif
string_format_trc(uschar * buffer, int buflen,
const uschar * func, unsigned line, const char * format, ...)
{
-gstring g = { .size = buflen, .ptr = 0, .s = buffer }, *gp;
+gstring g = { .size = buflen, .ptr = 0, .s = buffer }, * gp;
va_list ap;
va_start(ap, format);
gp = string_vformat_trc(&g, func, line, STRING_SPRINTF_BUFFER_SIZE,
gstring *
string_vformat_trc(gstring * g, const uschar * func, unsigned line,
- unsigned size_limit, unsigned flags, const char *format, va_list ap)
+ unsigned size_limit, unsigned flags, const char * format, va_list ap)
{
enum ltypes { L_NORMAL=1, L_SHORT=2, L_LONG=3, L_LONGLONG=4, L_LONGDOUBLE=5, L_SIZE=6 };
int width, precision, off, lim, need;
const char * fp = format; /* Deliberately not unsigned */
-BOOL dest_tainted = FALSE;
string_datestamp_offset = -1; /* Datestamp not inserted */
string_datestamp_length = 0; /* Datestamp not inserted */
/* Ensure we have a string, to save on checking later */
if (!g) g = string_get(16);
-else if (!(flags & SVFMT_TAINT_NOCHK)) dest_tainted = is_tainted(g->s);
-if (!(flags & SVFMT_TAINT_NOCHK) && !dest_tainted && is_tainted(format))
+if (!(flags & SVFMT_TAINT_NOCHK) && is_incompatible(g->s, format))
{
#ifndef MACRO_PREDEF
if (!(flags & SVFMT_REBUFFER))
die_tainted(US"string_vformat", func, line);
#endif
- gstring_rebuffer(g);
- dest_tainted = TRUE;
+/* debug_printf("rebuf B\n"); */
+ gstring_rebuffer(g, format);
}
#endif /*!COMPILE_UTILITY*/
while (*fp)
{
int length = L_NORMAL;
- int *nptr;
+ int * nptr;
int slen;
const char *null = "NULL"; /* ) These variables */
const char *item_start, *s; /* ) are deliberately */
if (!s) s = null;
slen = Ustrlen(s);
- if (!(flags & SVFMT_TAINT_NOCHK) && !dest_tainted && is_tainted(s))
+ if (!(flags & SVFMT_TAINT_NOCHK) && is_incompatible(g->s, s))
if (flags & SVFMT_REBUFFER)
{
- gstring_rebuffer(g);
+/* debug_printf("%s %d: untainted workarea, tainted %%s :- rebuffer\n", __FUNCTION__, __LINE__); */
+ gstring_rebuffer(g, s);
gp = CS g->s + g->ptr;
- dest_tainted = TRUE;
}
#ifndef MACRO_PREDEF
else
"Permission denied", reads and includes the euid and egid.
Arguments:
- eno the value of errno after the failure
format a text format string - deliberately not uschar *
+ func caller, for debug
+ line caller, for debug
... arguments for the format string
Returns: a message, in dynamic store
*/
uschar *
-string_open_failed_trc(int eno, const uschar * func, unsigned line,
- const char *format, ...)
+string_open_failed_trc(const uschar * func, unsigned line,
+ const char * format, ...)
{
va_list ap;
gstring * g = string_get(1024);
va_start(ap, format);
(void) string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE,
SVFMT_REBUFFER, format, ap);
-string_from_gstring(g);
-gstring_release_unused(g);
va_end(ap);
-return eno == EACCES
- ? string_sprintf("%s: %s (euid=%ld egid=%ld)", g->s, strerror(eno),
- (long int)geteuid(), (long int)getegid())
- : string_sprintf("%s: %s", g->s, strerror(eno));
+g = string_catn(g, US": ", 2);
+g = string_cat(g, US strerror(errno));
+
+if (errno == EACCES)
+ {
+ int save_errno = errno;
+ g = string_fmt_append(g, " (euid=%ld egid=%ld)",
+ (long int)geteuid(), (long int)getegid());
+ errno = save_errno;
+ }
+gstring_release_unused(g);
+return string_from_gstring(g);
}
-#endif /* COMPILE_UTILITY */
-#ifndef COMPILE_UTILITY
/* qsort(3), currently used to sort the environment variables
for -bP environment output, needs a function to compare two pointers to string
pointers. Here it is. */
uschar buffer[256];
printf("Testing is_ip_address\n");
+store_init();
while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
{