[exim.git] / src / src / mytypes.h

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */


/* This header file contains type definitions and macros that I use as
"standard" in the code of Exim and its utilities. Make it idempotent because
local_scan.h includes it and exim.h includes them both (to get this earlier). */

#ifndef MYTYPES_H
#define MYTYPES_H

# include <string.h>

#ifndef FALSE
# define FALSE         0
#endif

#ifndef TRUE
# define TRUE          1
#endif

#ifndef TRUE_UNSET
# define TRUE_UNSET    2
#endif


/* If gcc is being used to compile Exim, we can use its facility for checking
the arguments of printf-like functions. This is done by a macro. */

#if defined(__GNUC__) || defined(__clang__)
# define PRINTF_FUNCTION(A,B)	__attribute__((format(printf,A,B)))
# define ARG_UNUSED		__attribute__((__unused__))
# define WARN_UNUSED_RESULT	__attribute__((__warn_unused_result__))
# define ALLOC			__attribute__((malloc))
# define ALLOC_SIZE(A)		__attribute__((alloc_size(A)))
# define NORETURN		__attribute__((noreturn))
#else
# define PRINTF_FUNCTION(A,B)
# define ARG_UNUSED		/**/
# define WARN_UNUSED_RESULT	/**/
# define ALLOC			/**/
# define ALLOC_SIZE(A)		/**/
# define NORETURN		/**/
#endif

#ifdef WANT_DEEPER_PRINTF_CHECKS
# define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B)
#else
# define ALMOST_PRINTF(A, B)
#endif


/* Some operating systems (naughtily, imo) include a definition for "uchar" in
the standard header files, so we use "uschar". Solaris has u_char in
sys/types.h. This is just a typing convenience, of course. */

typedef unsigned char uschar;
typedef unsigned BOOL;
/* We also have SIGNAL_BOOL, which requires signal.h be included, so is defined
elsewhere */


/* These macros save typing for the casting that is needed to cope with the
mess that is "char" in ISO/ANSI C. Having now been bitten enough times by
systems where "char" is actually signed, I've converted Exim to use entirely
unsigned chars, except in a few special places such as arguments that are
almost always literal strings. */

#define CS   (char *)
#define CCS  (const char *)
#define CSS  (char **)
#define US   (unsigned char *)
#define CUS  (const unsigned char *)
#define USS  (unsigned char **)
#define CUSS (const unsigned char **)
#define CCSS (const char **)

/* The C library string functions expect "char *" arguments. Use macros to
avoid having to write a cast each time. We do this for string and file
functions that are called quite often; for other calls to external libraries
(which are on the whole special-purpose) we just use individual casts. */

#define Uatoi(s)           atoi(CCS(s))
#define Uatol(s)           atol(CCS(s))
#define Uchdir(s)          chdir(CCS(s))
#define Uchmod(s,n)        chmod(CCS(s),n)
#define Ufgets(b,n,f)      fgets(CS(b),n,f)
#define Ufopen(s,t)        exim_fopen(CCS(s),CCS(t))
#define Ulink(s,t)         link(CCS(s),CCS(t))
#define Ulstat(s,t)        lstat(CCS(s),t)

#ifdef O_BINARY							/* This is for Cygwin,  */
#define Uopen(s,n,m)       exim_open(CCS(s),(n)|O_BINARY,m)	/* where all files must */
#define Uopen2(s,n)        exim_open2(CCS(s),(n)|O_BINARY)
#else								/* be opened as binary  */
#define Uopen(s,n,m)       exim_open(CCS(s),n,m)		/* to avoid problems    */
#define Uopen2(s,n)        exim_open2(CCS(s),n)	
#endif								/* with CRLF endings.   */
#define Uread(f,b,l)       read(f,CS(b),l)
#define Urename(s,t)       rename(CCS(s),CCS(t))
#define Ustat(s,t)         stat(CCS(s),t)
#define Ustrcat(s,t)       __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__)
#define Ustrchr(s,n)       US strchr(CCS(s),n)
#define CUstrchr(s,n)      CUS strchr(CCS(s),n)
#define CUstrerror(n)      CUS strerror(n)
#define Ustrcmp(s,t)       strcmp(CCS(s),CCS(t))
#define Ustrcpy(s,t)       __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__)
#define Ustrcpy_nt(s,t)    strcpy(CS s, CCS t)		/* no taint check */
#define Ustrcspn(s,t)      strcspn(CCS(s),CCS(t))
#define Ustrftime(s,m,f,t) strftime(CS(s),m,f,t)
#define Ustrlen(s)         (int)strlen(CCS(s))
#define Ustrncat(s,t,n)    __Ustrncat(s, CUS(t),n, __FUNCTION__, __LINE__)
#define Ustrncmp(s,t,n)    strncmp(CCS(s),CCS(t),n)
#define Ustrncpy(s,t,n)    __Ustrncpy(s, CUS(t),n, __FUNCTION__, __LINE__)
#define Ustrncpy_nt(s,t,n) strncpy(CS s, CCS t, n)	/* no taint check */
#define Ustrpbrk(s,t)      strpbrk(CCS(s),CCS(t))
#define Ustrrchr(s,n)      US strrchr(CCS(s),n)
#define CUstrrchr(s,n)     CUS strrchr(CCS(s),n)
#define Ustrspn(s,t)       strspn(CCS(s),CCS(t))
#define Ustrstr(s,t)       US strstr(CCS(s),CCS(t))
#define CUstrstr(s,t)      CUS strstr(CCS(s),CCS(t))
#define Ustrtod(s,t)       strtod(CCS(s),CSS(t))
#define Ustrtol(s,t,b)     strtol(CCS(s),CSS(t),b)
#define Ustrtoul(s,t,b)    strtoul(CCS(s),CSS(t),b)
#define Uunlink(s)         unlink(CCS(s))

extern void die_tainted(const uschar *, const uschar *, int);

/* Predicate: if an address is in a tainted pool.
By extension, a variable pointing to this address is tainted.
*/

static inline BOOL
is_tainted(const void * p)
{
#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF)
return FALSE;

#elif !defined(TAINT_CHECK_FAST)
extern BOOL is_tainted_fn(const void *);
return is_tainted_fn(p);

#else
extern void * tainted_base, * tainted_top;
return p >= tainted_base && p < tainted_top;
#endif
}

static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line)
{
#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line);
#endif
return US strcat(CS dst, CCS src);
}
static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line)
{
#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line);
#endif
return US strcpy(CS dst, CCS src);
}
static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line)
{
#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line);
#endif
return US strncat(CS dst, CCS src, n);
}
static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line)
{
#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line);
#endif
return US strncpy(CS dst, CCS src, n);
}
/*XXX will likely need unchecked copy also */

#endif
/* End of mytypes.h */
Commit	Line	Data
	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8
	9	/* This header file contains type definitions and macros that I use as
	10	"standard" in the code of Exim and its utilities. Make it idempotent because
	11	local_scan.h includes it and exim.h includes them both (to get this earlier). */
	12
	13	#ifndef MYTYPES_H
	14	#define MYTYPES_H
	15
	16	# include <string.h>
	17
	18	#ifndef FALSE
	19	# define FALSE 0
	20	#endif
	21
	22	#ifndef TRUE
	23	# define TRUE 1
	24	#endif
	25
	26	#ifndef TRUE_UNSET
	27	# define TRUE_UNSET 2
	28	#endif
	29
	30
	31	/* If gcc is being used to compile Exim, we can use its facility for checking
	32	the arguments of printf-like functions. This is done by a macro. */
	33
	34	#if defined(__GNUC__) \|\| defined(__clang__)
	35	# define PRINTF_FUNCTION(A,B) __attribute__((format(printf,A,B)))
	36	# define ARG_UNUSED __attribute__((__unused__))
	37	# define WARN_UNUSED_RESULT __attribute__((__warn_unused_result__))
	38	# define ALLOC __attribute__((malloc))
	39	# define ALLOC_SIZE(A) __attribute__((alloc_size(A)))
	40	# define NORETURN __attribute__((noreturn))
	41	#else
	42	# define PRINTF_FUNCTION(A,B)
	43	# define ARG_UNUSED /**/
	44	# define WARN_UNUSED_RESULT /**/
	45	# define ALLOC /**/
	46	# define ALLOC_SIZE(A) /**/
	47	# define NORETURN /**/
	48	#endif
	49
	50	#ifdef WANT_DEEPER_PRINTF_CHECKS
	51	# define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B)
	52	#else
	53	# define ALMOST_PRINTF(A, B)
	54	#endif
	55
	56
	57	/* Some operating systems (naughtily, imo) include a definition for "uchar" in
	58	the standard header files, so we use "uschar". Solaris has u_char in
	59	sys/types.h. This is just a typing convenience, of course. */
	60
	61	typedef unsigned char uschar;
	62	typedef unsigned BOOL;
	63	/* We also have SIGNAL_BOOL, which requires signal.h be included, so is defined
	64	elsewhere */
	65
	66
	67	/* These macros save typing for the casting that is needed to cope with the
	68	mess that is "char" in ISO/ANSI C. Having now been bitten enough times by
	69	systems where "char" is actually signed, I've converted Exim to use entirely
	70	unsigned chars, except in a few special places such as arguments that are
	71	almost always literal strings. */
	72
	73	#define CS (char *)
	74	#define CCS (const char *)
	75	#define CSS (char **)
	76	#define US (unsigned char *)
	77	#define CUS (const unsigned char *)
	78	#define USS (unsigned char **)
	79	#define CUSS (const unsigned char **)
	80	#define CCSS (const char **)
	81
	82	/* The C library string functions expect "char *" arguments. Use macros to
	83	avoid having to write a cast each time. We do this for string and file
	84	functions that are called quite often; for other calls to external libraries
	85	(which are on the whole special-purpose) we just use individual casts. */
	86
	87	#define Uatoi(s) atoi(CCS(s))
	88	#define Uatol(s) atol(CCS(s))
	89	#define Uchdir(s) chdir(CCS(s))
	90	#define Uchmod(s,n) chmod(CCS(s),n)
	91	#define Ufgets(b,n,f) fgets(CS(b),n,f)
	92	#define Ufopen(s,t) exim_fopen(CCS(s),CCS(t))
	93	#define Ulink(s,t) link(CCS(s),CCS(t))
	94	#define Ulstat(s,t) lstat(CCS(s),t)
	95
	96	#ifdef O_BINARY /* This is for Cygwin, */
	97	#define Uopen(s,n,m) exim_open(CCS(s),(n)\|O_BINARY,m) /* where all files must */
	98	#define Uopen2(s,n) exim_open2(CCS(s),(n)\|O_BINARY)
	99	#else /* be opened as binary */
	100	#define Uopen(s,n,m) exim_open(CCS(s),n,m) /* to avoid problems */
	101	#define Uopen2(s,n) exim_open2(CCS(s),n)
	102	#endif /* with CRLF endings. */
	103	#define Uread(f,b,l) read(f,CS(b),l)
	104	#define Urename(s,t) rename(CCS(s),CCS(t))
	105	#define Ustat(s,t) stat(CCS(s),t)
	106	#define Ustrcat(s,t) __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__)
	107	#define Ustrchr(s,n) US strchr(CCS(s),n)
	108	#define CUstrchr(s,n) CUS strchr(CCS(s),n)
	109	#define CUstrerror(n) CUS strerror(n)
	110	#define Ustrcmp(s,t) strcmp(CCS(s),CCS(t))
	111	#define Ustrcpy(s,t) __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__)
	112	#define Ustrcpy_nt(s,t) strcpy(CS s, CCS t) /* no taint check */
	113	#define Ustrcspn(s,t) strcspn(CCS(s),CCS(t))
	114	#define Ustrftime(s,m,f,t) strftime(CS(s),m,f,t)
	115	#define Ustrlen(s) (int)strlen(CCS(s))
	116	#define Ustrncat(s,t,n) __Ustrncat(s, CUS(t),n, __FUNCTION__, __LINE__)
	117	#define Ustrncmp(s,t,n) strncmp(CCS(s),CCS(t),n)
	118	#define Ustrncpy(s,t,n) __Ustrncpy(s, CUS(t),n, __FUNCTION__, __LINE__)
	119	#define Ustrncpy_nt(s,t,n) strncpy(CS s, CCS t, n) /* no taint check */
	120	#define Ustrpbrk(s,t) strpbrk(CCS(s),CCS(t))
	121	#define Ustrrchr(s,n) US strrchr(CCS(s),n)
	122	#define CUstrrchr(s,n) CUS strrchr(CCS(s),n)
	123	#define Ustrspn(s,t) strspn(CCS(s),CCS(t))
	124	#define Ustrstr(s,t) US strstr(CCS(s),CCS(t))
	125	#define CUstrstr(s,t) CUS strstr(CCS(s),CCS(t))
	126	#define Ustrtod(s,t) strtod(CCS(s),CSS(t))
	127	#define Ustrtol(s,t,b) strtol(CCS(s),CSS(t),b)
	128	#define Ustrtoul(s,t,b) strtoul(CCS(s),CSS(t),b)
	129	#define Uunlink(s) unlink(CCS(s))
	130
	131	extern void die_tainted(const uschar , const uschar , int);
	132
	133	/* Predicate: if an address is in a tainted pool.
	134	By extension, a variable pointing to this address is tainted.
	135	*/
	136
	137	static inline BOOL
	138	is_tainted(const void * p)
	139	{
	140	#if defined(COMPILE_UTILITY) \|\| defined(MACRO_PREDEF)
	141	return FALSE;
	142
	143	#elif !defined(TAINT_CHECK_FAST)
	144	extern BOOL is_tainted_fn(const void *);
	145	return is_tainted_fn(p);
	146
	147	#else
	148	extern void * tainted_base, * tainted_top;
	149	return p >= tainted_base && p < tainted_top;
	150	#endif
	151	}
	152
	153	static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line)
	154	{
	155	#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
	156	if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line);
	157	#endif
	158	return US strcat(CS dst, CCS src);
	159	}
	160	static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line)
	161	{
	162	#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
	163	if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line);
	164	#endif
	165	return US strcpy(CS dst, CCS src);
	166	}
	167	static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line)
	168	{
	169	#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
	170	if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line);
	171	#endif
	172	return US strncat(CS dst, CCS src, n);
	173	}
	174	static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line)
	175	{
	176	#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
	177	if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line);
	178	#endif
	179	return US strncpy(CS dst, CCS src, n);
	180	}
	181	/XXX will likely need unchecked copy also /
	182
	183	#endif
	184	/* End of mytypes.h */