X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/bf13aee1aa701b1d838a09abd25ded986069e2ef..92583637b25b6bde926f9ca6be7b085e5ac8b1e6:/src/src/string.c diff --git a/src/src/string.c b/src/src/string.c index a20807054..afdb517a2 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -3,6 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ /* Miscellaneous string-handling functions. Some are not required for @@ -12,7 +13,6 @@ utilities and tests, and are cut out by the COMPILE_UTILITY macro. */ #include "exim.h" #include -static void gstring_rebuffer(gstring * g); #ifndef COMPILE_UTILITY /************************************************* @@ -281,17 +281,17 @@ return ch; /* This function is called for critical strings. It checks for any non-printing characters, and if any are found, it makes a new copy of the string with suitable escape sequences. It is most often called by the -macro string_printing(), which sets allow_tab TRUE. +macro string_printing(), which sets flags to 0. Arguments: s the input string - allow_tab TRUE to allow tab as a printing character + flags Bit 0: convert tabs. Bit 1: convert spaces. Returns: string with non-printers encoded as printing sequences */ const uschar * -string_printing2(const uschar *s, BOOL allow_tab) +string_printing2(const uschar *s, int flags) { int nonprintcount = 0; int length = 0; @@ -301,7 +301,10 @@ uschar *ss, *tt; while (*t != 0) { int c = *t++; - if (!mac_isprint(c) || (!allow_tab && c == '\t')) nonprintcount++; + if ( !mac_isprint(c) + || flags & SP_TAB && c == '\t' + || flags & SP_SPACE && c == ' ' + ) nonprintcount++; length++; } @@ -310,17 +313,19 @@ if (nonprintcount == 0) return s; /* Get a new block of store guaranteed big enough to hold the expanded string. */ -ss = store_get(length + nonprintcount * 3 + 1, is_tainted(s)); +tt = ss = store_get(length + nonprintcount * 3 + 1, is_tainted(s)); /* Copy everything, escaping non printers. */ -t = s; -tt = ss; - -while (*t != 0) +for (t = s; *t; ) { int c = *t; - if (mac_isprint(c) && (allow_tab || c != '\t')) *tt++ = *t++; else + if ( mac_isprint(c) + && (!(flags & SP_TAB) || c != '\t') + && (!(flags & SP_SPACE) || c != ' ') + ) + *tt++ = *t++; + else { *tt++ = '\\'; switch (*t) @@ -570,23 +575,19 @@ uschar * string_copy_dnsdomain(uschar *s) { uschar *yield; -uschar *ss = yield = store_get(Ustrlen(s) + 1, is_tainted(s)); +uschar *ss = yield = store_get(Ustrlen(s) + 1, TRUE); /* always treat as tainted */ while (*s != 0) { if (*s != '\\') - { *ss++ = *s++; - } else if (isdigit(s[1])) { *ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0'; s += 4; } else if (*(++s) != 0) - { *ss++ = *s++; - } } *ss = 0; @@ -678,12 +679,20 @@ Returns: pointer to fresh piece of store containing sprintf'ed string uschar * string_sprintf_trc(const char *format, const uschar * func, unsigned line, ...) { -gstring * g; -va_list ap; +#ifdef COMPILE_UTILITY +uschar buffer[STRING_SPRINTF_BUFFER_SIZE]; +gstring gs = { .size = STRING_SPRINTF_BUFFER_SIZE, .ptr = 0, .s = buffer }; +gstring * g = &gs; +unsigned flags = 0; +#else +gstring * g = NULL; +unsigned flags = SVFMT_REBUFFER|SVFMT_EXTEND; +#endif +va_list ap; va_start(ap, line); -g = string_vformat_trc(NULL, func, line, STRING_SPRINTF_BUFFER_SIZE, - SVFMT_REBUFFER|SVFMT_EXTEND, format, ap); +g = string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE, + flags, format, ap); va_end(ap); if (!g) @@ -692,8 +701,12 @@ if (!g) " called from %s %d\n", STRING_SPRINTF_BUFFER_SIZE, format, func, line); +#ifdef COMPILE_UTILITY +return string_copyn(g->s, g->ptr); +#else gstring_release_unused(g); return string_from_gstring(g); +#endif } @@ -845,6 +858,9 @@ Arguments: separator a pointer to the separator character in an int (see above) buffer where to put a copy of the next string in the list; or NULL if the next string is returned in new memory + Note that if the list is tainted then a provided buffer must be + also (else we trap, with a message referencing the callsite). + If we do the allocation, taint is handled there. buflen when buffer is not NULL, the size of buffer; otherwise ignored Returns: pointer to buffer, containing the next substring, @@ -852,7 +868,8 @@ Returns: pointer to buffer, containing the next substring, */ uschar * -string_nextinlist(const uschar **listptr, int *separator, uschar *buffer, int buflen) +string_nextinlist_trc(const uschar **listptr, int *separator, uschar *buffer, int buflen, + const uschar * func, int line) { int sep = *separator; const uschar *s = *listptr; @@ -895,6 +912,8 @@ sep_is_special = iscntrl(sep); if (buffer) { int p = 0; + if (is_tainted(s) && !is_tainted(buffer)) + die_tainted(US"string_nextinlist", func, line); for (; *s; s++) { if (*s == sep && (*(++s) != sep || sep_is_special)) break; @@ -916,14 +935,11 @@ else start of a string. Avoid getting working memory for an empty item. */ if (*s == sep) - { - s++; - if (*s != sep || sep_is_special) + if (*++s != sep || sep_is_special) { *listptr = s; return string_copy(US""); } - } /* Not an empty string; the first character is guaranteed to be a data character. */ @@ -936,7 +952,10 @@ else s = ss; if (!*s || *++s != sep || sep_is_special) break; } - while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--; + /* while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--; */ + while ( g->ptr > 0 && isspace(g->s[g->ptr-1]) + && (g->ptr == 1 || g->s[g->ptr-2] != '\\') ) + g->ptr--; buffer = string_from_gstring(g); gstring_release_unused(g); } @@ -1231,29 +1250,33 @@ return !!gp; -/* Copy the content of a string to tainted memory */ -static void -gstring_rebuffer(gstring * g) -{ -uschar * s = store_get(g->size, TRUE); -memcpy(s, g->s, g->ptr); -g->s = s; -} - - /* Build or append to a growing-string, sprintf-style. +Arguments: + g a growable-string + func called-from function name, for debug + line called-from file line number, for debug + limit maximum string size + flags see below + format printf-like format string + ap variable-args pointer + +Flags: + SVFMT_EXTEND buffer can be created or exteded as needed + SVFMT_REBUFFER buffer can be recopied to tainted mem as needed + SVFMT_TAINT_NOCHK do not check inputs for taint + If the "extend" flag is true, the string passed in can be NULL, empty, or non-empty. Growing is subject to an overall limit given -by the size_limit argument. +by the limit argument. If the "extend" flag is false, the string passed in may not be NULL, will not be grown, and is usable in the original place after return. The return value can be NULL to signify overflow. -Returns the possibly-new (if copy for growth was needed) string, -not nul-terminated. +Returns the possibly-new (if copy for growth or taint-handling was needed) +string, not nul-terminated. */ gstring * @@ -1600,7 +1623,6 @@ string supplied as data, adds the strerror() text, and if the failure was "Permission denied", reads and includes the euid and egid. Arguments: - eno the value of errno after the failure format a text format string - deliberately not uschar * ... arguments for the format string @@ -1608,7 +1630,7 @@ Returns: a message, in dynamic store */ uschar * -string_open_failed_trc(int eno, const uschar * func, unsigned line, +string_open_failed_trc(const uschar * func, unsigned line, const char *format, ...) { va_list ap; @@ -1623,23 +1645,27 @@ doesn't seem much we can do about that. */ va_start(ap, format); (void) string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE, - 0, format, ap); -string_from_gstring(g); -gstring_release_unused(g); + SVFMT_REBUFFER, format, ap); va_end(ap); -return eno == EACCES - ? string_sprintf("%s: %s (euid=%ld egid=%ld)", g->s, strerror(eno), - (long int)geteuid(), (long int)getegid()) - : string_sprintf("%s: %s", g->s, strerror(eno)); +g = string_catn(g, US": ", 2); +g = string_cat(g, US strerror(errno)); + +if (errno == EACCES) + { + int save_errno = errno; + g = string_fmt_append(g, " (euid=%ld egid=%ld)", + (long int)geteuid(), (long int)getegid()); + errno = save_errno; + } +gstring_release_unused(g); +return string_from_gstring(g); } -#endif /* COMPILE_UTILITY */ -#ifndef COMPILE_UTILITY /* qsort(3), currently used to sort the environment variables for -bP environment output, needs a function to compare two pointers to string pointers. Here it is. */ @@ -1666,6 +1692,7 @@ int main(void) uschar buffer[256]; printf("Testing is_ip_address\n"); +store_init(); while (fgets(CS buffer, sizeof(buffer), stdin) != NULL) {