| 1 | /************************************************* |
| 2 | * Exim - an Internet mail transport agent * |
| 3 | *************************************************/ |
| 4 | |
| 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
| 6 | /* See the file NOTICE for conditions of use and distribution. */ |
| 7 | |
| 8 | |
| 9 | /* This header file contains type definitions and macros that I use as |
| 10 | "standard" in the code of Exim and its utilities. Make it idempotent because |
| 11 | local_scan.h includes it and exim.h includes them both (to get this earlier). */ |
| 12 | |
| 13 | #ifndef MYTYPES_H |
| 14 | #define MYTYPES_H |
| 15 | |
| 16 | # include <string.h> |
| 17 | |
| 18 | #ifndef FALSE |
| 19 | # define FALSE 0 |
| 20 | #endif |
| 21 | |
| 22 | #ifndef TRUE |
| 23 | # define TRUE 1 |
| 24 | #endif |
| 25 | |
| 26 | #ifndef TRUE_UNSET |
| 27 | # define TRUE_UNSET 2 |
| 28 | #endif |
| 29 | |
| 30 | |
| 31 | /* If gcc is being used to compile Exim, we can use its facility for checking |
| 32 | the arguments of printf-like functions. This is done by a macro. */ |
| 33 | |
| 34 | #if defined(__GNUC__) || defined(__clang__) |
| 35 | # define PRINTF_FUNCTION(A,B) __attribute__((format(printf,A,B))) |
| 36 | # define ARG_UNUSED __attribute__((__unused__)) |
| 37 | # define WARN_UNUSED_RESULT __attribute__((__warn_unused_result__)) |
| 38 | # define ALLOC __attribute__((malloc)) |
| 39 | # define ALLOC_SIZE(A) __attribute__((alloc_size(A))) |
| 40 | # define NORETURN __attribute__((noreturn)) |
| 41 | #else |
| 42 | # define PRINTF_FUNCTION(A,B) |
| 43 | # define ARG_UNUSED /**/ |
| 44 | # define WARN_UNUSED_RESULT /**/ |
| 45 | # define ALLOC /**/ |
| 46 | # define ALLOC_SIZE(A) /**/ |
| 47 | # define NORETURN /**/ |
| 48 | #endif |
| 49 | |
| 50 | #ifdef WANT_DEEPER_PRINTF_CHECKS |
| 51 | # define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B) |
| 52 | #else |
| 53 | # define ALMOST_PRINTF(A, B) |
| 54 | #endif |
| 55 | |
| 56 | |
| 57 | /* Some operating systems (naughtily, imo) include a definition for "uchar" in |
| 58 | the standard header files, so we use "uschar". Solaris has u_char in |
| 59 | sys/types.h. This is just a typing convenience, of course. */ |
| 60 | |
| 61 | typedef unsigned char uschar; |
| 62 | typedef unsigned BOOL; |
| 63 | /* We also have SIGNAL_BOOL, which requires signal.h be included, so is defined |
| 64 | elsewhere */ |
| 65 | |
| 66 | |
| 67 | /* These macros save typing for the casting that is needed to cope with the |
| 68 | mess that is "char" in ISO/ANSI C. Having now been bitten enough times by |
| 69 | systems where "char" is actually signed, I've converted Exim to use entirely |
| 70 | unsigned chars, except in a few special places such as arguments that are |
| 71 | almost always literal strings. */ |
| 72 | |
| 73 | #define CS (char *) |
| 74 | #define CCS (const char *) |
| 75 | #define CSS (char **) |
| 76 | #define US (unsigned char *) |
| 77 | #define CUS (const unsigned char *) |
| 78 | #define USS (unsigned char **) |
| 79 | #define CUSS (const unsigned char **) |
| 80 | #define CCSS (const char **) |
| 81 | |
| 82 | /* The C library string functions expect "char *" arguments. Use macros to |
| 83 | avoid having to write a cast each time. We do this for string and file |
| 84 | functions that are called quite often; for other calls to external libraries |
| 85 | (which are on the whole special-purpose) we just use individual casts. */ |
| 86 | |
| 87 | #define Uatoi(s) atoi(CCS(s)) |
| 88 | #define Uatol(s) atol(CCS(s)) |
| 89 | #define Uchdir(s) chdir(CCS(s)) |
| 90 | #define Uchmod(s,n) chmod(CCS(s),n) |
| 91 | #define Ufgets(b,n,f) fgets(CS(b),n,f) |
| 92 | #define Ufopen(s,t) exim_fopen(CCS(s),CCS(t)) |
| 93 | #define Ulink(s,t) link(CCS(s),CCS(t)) |
| 94 | #define Ulstat(s,t) lstat(CCS(s),t) |
| 95 | |
| 96 | #ifdef O_BINARY /* This is for Cygwin, */ |
| 97 | #define Uopen(s,n,m) exim_open(CCS(s),(n)|O_BINARY,m) /* where all files must */ |
| 98 | #define Uopen2(s,n) exim_open2(CCS(s),(n)|O_BINARY) |
| 99 | #else /* be opened as binary */ |
| 100 | #define Uopen(s,n,m) exim_open(CCS(s),n,m) /* to avoid problems */ |
| 101 | #define Uopen2(s,n) exim_open2(CCS(s),n) |
| 102 | #endif /* with CRLF endings. */ |
| 103 | #define Uread(f,b,l) read(f,CS(b),l) |
| 104 | #define Urename(s,t) rename(CCS(s),CCS(t)) |
| 105 | #define Ustat(s,t) stat(CCS(s),t) |
| 106 | #define Ustrcat(s,t) __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__) |
| 107 | #define Ustrchr(s,n) US strchr(CCS(s),n) |
| 108 | #define CUstrchr(s,n) CUS strchr(CCS(s),n) |
| 109 | #define CUstrerror(n) CUS strerror(n) |
| 110 | #define Ustrcmp(s,t) strcmp(CCS(s),CCS(t)) |
| 111 | #define Ustrcpy(s,t) __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__) |
| 112 | #define Ustrcpy_nt(s,t) strcpy(CS s, CCS t) /* no taint check */ |
| 113 | #define Ustrcspn(s,t) strcspn(CCS(s),CCS(t)) |
| 114 | #define Ustrftime(s,m,f,t) strftime(CS(s),m,f,t) |
| 115 | #define Ustrlen(s) (int)strlen(CCS(s)) |
| 116 | #define Ustrncat(s,t,n) __Ustrncat(s, CUS(t),n, __FUNCTION__, __LINE__) |
| 117 | #define Ustrncmp(s,t,n) strncmp(CCS(s),CCS(t),n) |
| 118 | #define Ustrncpy(s,t,n) __Ustrncpy(s, CUS(t),n, __FUNCTION__, __LINE__) |
| 119 | #define Ustrncpy_nt(s,t,n) strncpy(CS s, CCS t, n) /* no taint check */ |
| 120 | #define Ustrpbrk(s,t) strpbrk(CCS(s),CCS(t)) |
| 121 | #define Ustrrchr(s,n) US strrchr(CCS(s),n) |
| 122 | #define CUstrrchr(s,n) CUS strrchr(CCS(s),n) |
| 123 | #define Ustrspn(s,t) strspn(CCS(s),CCS(t)) |
| 124 | #define Ustrstr(s,t) US strstr(CCS(s),CCS(t)) |
| 125 | #define CUstrstr(s,t) CUS strstr(CCS(s),CCS(t)) |
| 126 | #define Ustrtod(s,t) strtod(CCS(s),CSS(t)) |
| 127 | #define Ustrtol(s,t,b) strtol(CCS(s),CSS(t),b) |
| 128 | #define Ustrtoul(s,t,b) strtoul(CCS(s),CSS(t),b) |
| 129 | #define Uunlink(s) unlink(CCS(s)) |
| 130 | |
| 131 | extern void die_tainted(const uschar *, const uschar *, int); |
| 132 | |
| 133 | /* Predicate: if an address is in a tainted pool. |
| 134 | By extension, a variable pointing to this address is tainted. |
| 135 | */ |
| 136 | |
| 137 | static inline BOOL |
| 138 | is_tainted(const void * p) |
| 139 | { |
| 140 | #if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF) |
| 141 | return FALSE; |
| 142 | |
| 143 | #elif !defined(TAINT_CHECK_FAST) |
| 144 | extern BOOL is_tainted_fn(const void *); |
| 145 | return is_tainted_fn(p); |
| 146 | |
| 147 | #else |
| 148 | extern void * tainted_base, * tainted_top; |
| 149 | return p >= tainted_base && p < tainted_top; |
| 150 | #endif |
| 151 | } |
| 152 | |
| 153 | static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line) |
| 154 | { |
| 155 | #if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) |
| 156 | if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line); |
| 157 | #endif |
| 158 | return US strcat(CS dst, CCS src); |
| 159 | } |
| 160 | static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line) |
| 161 | { |
| 162 | #if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) |
| 163 | if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line); |
| 164 | #endif |
| 165 | return US strcpy(CS dst, CCS src); |
| 166 | } |
| 167 | static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line) |
| 168 | { |
| 169 | #if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) |
| 170 | if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line); |
| 171 | #endif |
| 172 | return US strncat(CS dst, CCS src, n); |
| 173 | } |
| 174 | static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line) |
| 175 | { |
| 176 | #if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) |
| 177 | if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line); |
| 178 | #endif |
| 179 | return US strncpy(CS dst, CCS src, n); |
| 180 | } |
| 181 | /*XXX will likely need unchecked copy also */ |
| 182 | |
| 183 | #endif |
| 184 | /* End of mytypes.h */ |