X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/268d00ffff678f5c061e34880020d164dca5795e..3d2e82c5729148f3f88fbb7de7e6dcbc20d0c867:/src/src/mytypes.h

diff --git a/src/src/mytypes.h b/src/src/mytypes.h
index a74705739..eba3f7e9d 100644
--- a/src/src/mytypes.h
+++ b/src/src/mytypes.h
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 
@@ -13,6 +13,8 @@ local_scan.h includes it and exim.h includes them both (to get this earlier). */
 #ifndef MYTYPES_H
 #define MYTYPES_H
 
+# include <string.h>
+
 #ifndef FALSE
 # define FALSE         0
 #endif
@@ -33,10 +35,16 @@ the arguments of printf-like functions. This is done by a macro. */
 # define PRINTF_FUNCTION(A,B)	__attribute__((format(printf,A,B)))
 # define ARG_UNUSED		__attribute__((__unused__))
 # define WARN_UNUSED_RESULT	__attribute__((__warn_unused_result__))
+# define ALLOC			__attribute__((malloc))
+# define ALLOC_SIZE(A)		__attribute__((alloc_size(A)))
+# define NORETURN		__attribute__((noreturn))
 #else
 # define PRINTF_FUNCTION(A,B)
-# define ARG_UNUSED  /**/
-# define WARN_UNUSED_RESULT /**/
+# define ARG_UNUSED		/**/
+# define WARN_UNUSED_RESULT	/**/
+# define ALLOC			/**/
+# define ALLOC_SIZE(A)		/**/
+# define NORETURN		/**/
 #endif
 
 #ifdef WANT_DEEPER_PRINTF_CHECKS
@@ -69,6 +77,7 @@ almost always literal strings. */
 #define CUS  (const unsigned char *)
 #define USS  (unsigned char **)
 #define CUSS (const unsigned char **)
+#define CCSS (const char **)
 
 /* The C library string functions expect "char *" arguments. Use macros to
 avoid having to write a cast each time. We do this for string and file
@@ -79,7 +88,6 @@ functions that are called quite often; for other calls to external libraries
 #define Uatol(s)           atol(CCS(s))
 #define Uchdir(s)          chdir(CCS(s))
 #define Uchmod(s,n)        chmod(CCS(s),n)
-#define Uchown(s,n,m)      chown(CCS(s),n,m)
 #define Ufgets(b,n,f)      fgets(CS(b),n,f)
 #define Ufopen(s,t)        fopen(CCS(s),CCS(t))
 #define Ulink(s,t)         link(CCS(s),CCS(t))
@@ -93,18 +101,20 @@ functions that are called quite often; for other calls to external libraries
 #define Uread(f,b,l)       read(f,CS(b),l)
 #define Urename(s,t)       rename(CCS(s),CCS(t))
 #define Ustat(s,t)         stat(CCS(s),t)
-#define Ustrcat(s,t)       strcat(CS(s),CCS(t))
+#define Ustrcat(s,t)       __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__)
 #define Ustrchr(s,n)       US strchr(CCS(s),n)
 #define CUstrchr(s,n)      CUS strchr(CCS(s),n)
 #define CUstrerror(n)      CUS strerror(n)
 #define Ustrcmp(s,t)       strcmp(CCS(s),CCS(t))
-#define Ustrcpy(s,t)       strcpy(CS(s),CCS(t))
+#define Ustrcpy(s,t)       __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__)
+#define Ustrcpy_nt(s,t)    strcpy(CS s, CCS t)		/* no taint check */
 #define Ustrcspn(s,t)      strcspn(CCS(s),CCS(t))
 #define Ustrftime(s,m,f,t) strftime(CS(s),m,f,t)
 #define Ustrlen(s)         (int)strlen(CCS(s))
-#define Ustrncat(s,t,n)    strncat(CS(s),CCS(t),n)
+#define Ustrncat(s,t,n)    __Ustrncat(s, CUS(t),n, __FUNCTION__, __LINE__)
 #define Ustrncmp(s,t,n)    strncmp(CCS(s),CCS(t),n)
-#define Ustrncpy(s,t,n)    strncpy(CS(s),CCS(t),n)
+#define Ustrncpy(s,t,n)    __Ustrncpy(s, CUS(t),n, __FUNCTION__, __LINE__)
+#define Ustrncpy_nt(s,t,n) strncpy(CS s, CCS t, n)	/* no taint check */
 #define Ustrpbrk(s,t)      strpbrk(CCS(s),CCS(t))
 #define Ustrrchr(s,n)      US strrchr(CCS(s),n)
 #define CUstrrchr(s,n)     CUS strrchr(CCS(s),n)
@@ -115,6 +125,58 @@ functions that are called quite often; for other calls to external libraries
 #define Ustrtol(s,t,b)     strtol(CCS(s),CSS(t),b)
 #define Ustrtoul(s,t,b)    strtoul(CCS(s),CSS(t),b)
 #define Uunlink(s)         unlink(CCS(s))
+
+extern void die_tainted(const uschar *, const uschar *, int);
+
+/* Predicate: if an address is in a tainted pool.
+By extension, a variable pointing to this address is tainted.
+*/
+
+static inline BOOL
+is_tainted(const void * p)
+{
+#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF)
+return FALSE;
+
+#elif !defined(TAINT_CHECK_FAST)
+extern BOOL is_tainted_fn(const void *);
+return is_tainted_fn(p);
+
+#else
+extern void * tainted_base, * tainted_top;
+return p >= tainted_base && p < tainted_top;
 #endif
+}
 
+static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line)
+{
+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line);
+#endif
+return US strcat(CS dst, CCS src);
+}
+static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line)
+{
+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line);
+#endif
+return US strcpy(CS dst, CCS src);
+}
+static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line)
+{
+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line);
+#endif
+return US strncat(CS dst, CCS src, n);
+}
+static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line)
+{
+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line);
+#endif
+return US strncpy(CS dst, CCS src, n);
+}
+/*XXX will likely need unchecked copy also */
+
+#endif
 /* End of mytypes.h */