[exim.git] / src / src / mytypes.h

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */


/* This header file contains type definitions and macros that I use as
"standard" in the code of Exim and its utilities. Make it idempotent because
local_scan.h includes it and exim.h includes them both (to get this earlier). */

#ifndef MYTYPES_H
#define MYTYPES_H

# include <string.h>

#ifndef FALSE
# define FALSE         0
#endif

#ifndef TRUE
# define TRUE          1
#endif

#ifndef TRUE_UNSET
# define TRUE_UNSET    2
#endif


/* If gcc is being used to compile Exim, we can use its facility for checking
the arguments of printf-like functions. This is done by a macro. */

#if defined(__GNUC__) || defined(__clang__)
# define PRINTF_FUNCTION(A,B)	__attribute__((format(printf,A,B)))
# define ARG_UNUSED		__attribute__((__unused__))
# define WARN_UNUSED_RESULT	__attribute__((__warn_unused_result__))
# define ALLOC			__attribute__((malloc))
# define ALLOC_SIZE(A)		__attribute__((alloc_size(A)))
# define NORETURN		__attribute__((noreturn))
#else
# define PRINTF_FUNCTION(A,B)
# define ARG_UNUSED		/**/
# define WARN_UNUSED_RESULT	/**/
# define ALLOC			/**/
# define ALLOC_SIZE(A)		/**/
# define NORETURN		/**/
#endif

#ifdef WANT_DEEPER_PRINTF_CHECKS
# define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B)
#else
# define ALMOST_PRINTF(A, B)
#endif


/* Some operating systems (naughtily, imo) include a definition for "uchar" in
the standard header files, so we use "uschar". Solaris has u_char in
sys/types.h. This is just a typing convenience, of course. */

typedef unsigned char uschar;
typedef unsigned BOOL;
/* We also have SIGNAL_BOOL, which requires signal.h be included, so is defined
elsewhere */


/* These macros save typing for the casting that is needed to cope with the
mess that is "char" in ISO/ANSI C. Having now been bitten enough times by
systems where "char" is actually signed, I've converted Exim to use entirely
unsigned chars, except in a few special places such as arguments that are
almost always literal strings. */

#define CS   (char *)
#define CCS  (const char *)
#define CSS  (char **)
#define US   (unsigned char *)
#define CUS  (const unsigned char *)
#define USS  (unsigned char **)
#define CUSS (const unsigned char **)

/* The C library string functions expect "char *" arguments. Use macros to
avoid having to write a cast each time. We do this for string and file
functions that are called quite often; for other calls to external libraries
(which are on the whole special-purpose) we just use individual casts. */

#define Uatoi(s)           atoi(CCS(s))
#define Uatol(s)           atol(CCS(s))
#define Uchdir(s)          chdir(CCS(s))
#define Uchmod(s,n)        chmod(CCS(s),n)
#define Ufgets(b,n,f)      fgets(CS(b),n,f)
#define Ufopen(s,t)        fopen(CCS(s),CCS(t))
#define Ulink(s,t)         link(CCS(s),CCS(t))
#define Ulstat(s,t)        lstat(CCS(s),t)

#ifdef O_BINARY                                        /* This is for Cygwin,  */
#define Uopen(s,n,m)       open(CCS(s),(n)|O_BINARY,m) /* where all files must */
#else                                                  /* be opened as binary  */
#define Uopen(s,n,m)       open(CCS(s),n,m)            /* to avoid problems    */
#endif                                                 /* with CRLF endings.   */
#define Uread(f,b,l)       read(f,CS(b),l)
#define Urename(s,t)       rename(CCS(s),CCS(t))
#define Ustat(s,t)         stat(CCS(s),t)
#define Ustrcat(s,t)       __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__)
#define Ustrchr(s,n)       US strchr(CCS(s),n)
#define CUstrchr(s,n)      CUS strchr(CCS(s),n)
#define CUstrerror(n)      CUS strerror(n)
#define Ustrcmp(s,t)       strcmp(CCS(s),CCS(t))
#define Ustrcpy(s,t)       __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__)
#define Ustrcpy_nt(s,t)    strcpy(CS s, CCS t)		/* no taint check */
#define Ustrcspn(s,t)      strcspn(CCS(s),CCS(t))
#define Ustrftime(s,m,f,t) strftime(CS(s),m,f,t)
#define Ustrlen(s)         (int)strlen(CCS(s))
#define Ustrncat(s,t,n)    __Ustrncat(s, CUS(t),n, __FUNCTION__, __LINE__)
#define Ustrncmp(s,t,n)    strncmp(CCS(s),CCS(t),n)
#define Ustrncpy(s,t,n)    __Ustrncpy(s, CUS(t),n, __FUNCTION__, __LINE__)
#define Ustrncpy_nt(s,t,n) strncpy(CS s, CCS t, n)	/* no taint check */
#define Ustrpbrk(s,t)      strpbrk(CCS(s),CCS(t))
#define Ustrrchr(s,n)      US strrchr(CCS(s),n)
#define CUstrrchr(s,n)     CUS strrchr(CCS(s),n)
#define Ustrspn(s,t)       strspn(CCS(s),CCS(t))
#define Ustrstr(s,t)       US strstr(CCS(s),CCS(t))
#define CUstrstr(s,t)      CUS strstr(CCS(s),CCS(t))
#define Ustrtod(s,t)       strtod(CCS(s),CSS(t))
#define Ustrtol(s,t,b)     strtol(CCS(s),CSS(t),b)
#define Ustrtoul(s,t,b)    strtoul(CCS(s),CSS(t),b)
#define Uunlink(s)         unlink(CCS(s))

extern void die_tainted(const uschar *, const uschar *, int);

/* Predicate: if an address is in a tainted pool.
By extension, a variable pointing to this address is tainted.
*/

static inline BOOL
is_tainted(const void * p)
{
#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF)
return FALSE;

#elif defined(TAINT_CHECK_SLOW)
extern BOOL is_tainted_fn(const void *);
return is_tainted_fn(p);

#else
extern void * tainted_base, * tainted_top;
return p >= tainted_base && p < tainted_top;
#endif
}

static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line)
{
#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line);
#endif
return US strcat(CS dst, CCS src);
}
static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line)
{
#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line);
#endif
return US strcpy(CS dst, CCS src);
}
static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line)
{
#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line);
#endif
return US strncat(CS dst, CCS src, n);
}
static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line)
{
#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line);
#endif
return US strncpy(CS dst, CCS src, n);
}
/*XXX will likely need unchecked copy also */

#endif
/* End of mytypes.h */
Commit	Line	Data
	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8
	9	/* This header file contains type definitions and macros that I use as
	10	"standard" in the code of Exim and its utilities. Make it idempotent because
	11	local_scan.h includes it and exim.h includes them both (to get this earlier). */
	12
	13	#ifndef MYTYPES_H
	14	#define MYTYPES_H
	15
	16	# include <string.h>
	17
	18	#ifndef FALSE
	19	# define FALSE 0
	20	#endif
	21
	22	#ifndef TRUE
	23	# define TRUE 1
	24	#endif
	25
	26	#ifndef TRUE_UNSET
	27	# define TRUE_UNSET 2
	28	#endif
	29
	30
	31	/* If gcc is being used to compile Exim, we can use its facility for checking
	32	the arguments of printf-like functions. This is done by a macro. */
	33
	34	#if defined(__GNUC__) \|\| defined(__clang__)
	35	# define PRINTF_FUNCTION(A,B) __attribute__((format(printf,A,B)))
	36	# define ARG_UNUSED __attribute__((__unused__))
	37	# define WARN_UNUSED_RESULT __attribute__((__warn_unused_result__))
	38	# define ALLOC __attribute__((malloc))
	39	# define ALLOC_SIZE(A) __attribute__((alloc_size(A)))
	40	# define NORETURN __attribute__((noreturn))
	41	#else
	42	# define PRINTF_FUNCTION(A,B)
	43	# define ARG_UNUSED /**/
	44	# define WARN_UNUSED_RESULT /**/
	45	# define ALLOC /**/
	46	# define ALLOC_SIZE(A) /**/
	47	# define NORETURN /**/
	48	#endif
	49
	50	#ifdef WANT_DEEPER_PRINTF_CHECKS
	51	# define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B)
	52	#else
	53	# define ALMOST_PRINTF(A, B)
	54	#endif
	55
	56
	57	/* Some operating systems (naughtily, imo) include a definition for "uchar" in
	58	the standard header files, so we use "uschar". Solaris has u_char in
	59	sys/types.h. This is just a typing convenience, of course. */
	60
	61	typedef unsigned char uschar;
	62	typedef unsigned BOOL;
	63	/* We also have SIGNAL_BOOL, which requires signal.h be included, so is defined
	64	elsewhere */
	65
	66
	67	/* These macros save typing for the casting that is needed to cope with the
	68	mess that is "char" in ISO/ANSI C. Having now been bitten enough times by
	69	systems where "char" is actually signed, I've converted Exim to use entirely
	70	unsigned chars, except in a few special places such as arguments that are
	71	almost always literal strings. */
	72
	73	#define CS (char *)
	74	#define CCS (const char *)
	75	#define CSS (char **)
	76	#define US (unsigned char *)
	77	#define CUS (const unsigned char *)
	78	#define USS (unsigned char **)
	79	#define CUSS (const unsigned char **)
	80
	81	/* The C library string functions expect "char *" arguments. Use macros to
	82	avoid having to write a cast each time. We do this for string and file
	83	functions that are called quite often; for other calls to external libraries
	84	(which are on the whole special-purpose) we just use individual casts. */
	85
	86	#define Uatoi(s) atoi(CCS(s))
	87	#define Uatol(s) atol(CCS(s))
	88	#define Uchdir(s) chdir(CCS(s))
	89	#define Uchmod(s,n) chmod(CCS(s),n)
	90	#define Ufgets(b,n,f) fgets(CS(b),n,f)
	91	#define Ufopen(s,t) fopen(CCS(s),CCS(t))
	92	#define Ulink(s,t) link(CCS(s),CCS(t))
	93	#define Ulstat(s,t) lstat(CCS(s),t)
	94
	95	#ifdef O_BINARY /* This is for Cygwin, */
	96	#define Uopen(s,n,m) open(CCS(s),(n)\|O_BINARY,m) /* where all files must */
	97	#else /* be opened as binary */
	98	#define Uopen(s,n,m) open(CCS(s),n,m) /* to avoid problems */
	99	#endif /* with CRLF endings. */
	100	#define Uread(f,b,l) read(f,CS(b),l)
	101	#define Urename(s,t) rename(CCS(s),CCS(t))
	102	#define Ustat(s,t) stat(CCS(s),t)
	103	#define Ustrcat(s,t) __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__)
	104	#define Ustrchr(s,n) US strchr(CCS(s),n)
	105	#define CUstrchr(s,n) CUS strchr(CCS(s),n)
	106	#define CUstrerror(n) CUS strerror(n)
	107	#define Ustrcmp(s,t) strcmp(CCS(s),CCS(t))
	108	#define Ustrcpy(s,t) __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__)
	109	#define Ustrcpy_nt(s,t) strcpy(CS s, CCS t) /* no taint check */
	110	#define Ustrcspn(s,t) strcspn(CCS(s),CCS(t))
	111	#define Ustrftime(s,m,f,t) strftime(CS(s),m,f,t)
	112	#define Ustrlen(s) (int)strlen(CCS(s))
	113	#define Ustrncat(s,t,n) __Ustrncat(s, CUS(t),n, __FUNCTION__, __LINE__)
	114	#define Ustrncmp(s,t,n) strncmp(CCS(s),CCS(t),n)
	115	#define Ustrncpy(s,t,n) __Ustrncpy(s, CUS(t),n, __FUNCTION__, __LINE__)
	116	#define Ustrncpy_nt(s,t,n) strncpy(CS s, CCS t, n) /* no taint check */
	117	#define Ustrpbrk(s,t) strpbrk(CCS(s),CCS(t))
	118	#define Ustrrchr(s,n) US strrchr(CCS(s),n)
	119	#define CUstrrchr(s,n) CUS strrchr(CCS(s),n)
	120	#define Ustrspn(s,t) strspn(CCS(s),CCS(t))
	121	#define Ustrstr(s,t) US strstr(CCS(s),CCS(t))
	122	#define CUstrstr(s,t) CUS strstr(CCS(s),CCS(t))
	123	#define Ustrtod(s,t) strtod(CCS(s),CSS(t))
	124	#define Ustrtol(s,t,b) strtol(CCS(s),CSS(t),b)
	125	#define Ustrtoul(s,t,b) strtoul(CCS(s),CSS(t),b)
	126	#define Uunlink(s) unlink(CCS(s))
	127
	128	extern void die_tainted(const uschar , const uschar , int);
	129
	130	/* Predicate: if an address is in a tainted pool.
	131	By extension, a variable pointing to this address is tainted.
	132	*/
	133
	134	static inline BOOL
	135	is_tainted(const void * p)
	136	{
	137	#if defined(COMPILE_UTILITY) \|\| defined(MACRO_PREDEF)
	138	return FALSE;
	139
	140	#elif defined(TAINT_CHECK_SLOW)
	141	extern BOOL is_tainted_fn(const void *);
	142	return is_tainted_fn(p);
	143
	144	#else
	145	extern void * tainted_base, * tainted_top;
	146	return p >= tainted_base && p < tainted_top;
	147	#endif
	148	}
	149
	150	static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line)
	151	{
	152	#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
	153	if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line);
	154	#endif
	155	return US strcat(CS dst, CCS src);
	156	}
	157	static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line)
	158	{
	159	#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
	160	if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line);
	161	#endif
	162	return US strcpy(CS dst, CCS src);
	163	}
	164	static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line)
	165	{
	166	#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
	167	if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line);
	168	#endif
	169	return US strncat(CS dst, CCS src, n);
	170	}
	171	static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line)
	172	{
	173	#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
	174	if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line);
	175	#endif
	176	return US strncpy(CS dst, CCS src, n);
	177	}
	178	/XXX will likely need unchecked copy also /
	179
	180	#endif
	181	/* End of mytypes.h */