X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=src%2Fsrc%2Fstring.c;h=5acee1b00100600bbfd03bb15231f1b62d0c3328;hb=HEAD;hp=288466113fe860303f72b8cdecfc31b13c2e45fb;hpb=aaabfafe3fb76b1e09a68317ef4b3d5bc94fa9be;p=exim.git diff --git a/src/src/string.c b/src/src/string.c index 288466113..5acee1b00 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -3,6 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ /* Miscellaneous string-handling functions. Some are not required for @@ -12,7 +13,6 @@ utilities and tests, and are cut out by the COMPILE_UTILITY macro. */ #include "exim.h" #include -static void gstring_rebuffer(gstring * g); #ifndef COMPILE_UTILITY /************************************************* @@ -223,6 +223,8 @@ interpreted in strings. Arguments: pp points a pointer to the initiating "\" in the string; the pointer gets updated to point to the final character + If the backslash is the last character in the string, it + is not interpreted. Returns: the value of the character escape */ @@ -235,6 +237,7 @@ const uschar *hex_digits= CUS"0123456789abcdef"; int ch; const uschar *p = *pp; ch = *(++p); +if (ch == '\0') return **pp; if (isdigit(ch) && ch != '8' && ch != '9') { ch -= '0'; @@ -408,7 +411,8 @@ return ss; -#ifdef HAVE_LOCAL_SCAN +#if (defined(HAVE_LOCAL_SCAN) || defined(EXPAND_DLFUNC)) \ + && !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY) /************************************************* * Copy and save string * *************************************************/ @@ -429,7 +433,7 @@ As above, but explicitly specifying the result taint status */ uschar * -string_copy_taint(const uschar * s, BOOL tainted) +string_copy_taint_function(const uschar * s, BOOL tainted) { int len = Ustrlen(s) + 1; uschar *ss = store_get(len, tainted); @@ -571,18 +575,14 @@ uschar *ss = yield = store_get(Ustrlen(s) + 1, is_tainted(s)); while (*s != 0) { if (*s != '\\') - { *ss++ = *s++; - } else if (isdigit(s[1])) { *ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0'; s += 4; } else if (*(++s) != 0) - { *ss++ = *s++; - } } *ss = 0; @@ -661,7 +661,7 @@ return yield; *************************************************/ /* The formatting is done by string_vformat, which checks the length of -everything. +everything. Taint is taken from the worst of the arguments. Arguments: format a printf() format - deliberately char * rather than uschar * @@ -674,12 +674,20 @@ Returns: pointer to fresh piece of store containing sprintf'ed string uschar * string_sprintf_trc(const char *format, const uschar * func, unsigned line, ...) { -gstring * g; -va_list ap; +#ifdef COMPILE_UTILITY +uschar buffer[STRING_SPRINTF_BUFFER_SIZE]; +gstring gs = { .size = STRING_SPRINTF_BUFFER_SIZE, .ptr = 0, .s = buffer }; +gstring * g = &gs; +unsigned flags = 0; +#else +gstring * g = NULL; +unsigned flags = SVFMT_REBUFFER|SVFMT_EXTEND; +#endif +va_list ap; va_start(ap, line); -g = string_vformat_trc(NULL, func, line, STRING_SPRINTF_BUFFER_SIZE, - SVFMT_REBUFFER|SVFMT_EXTEND, format, ap); +g = string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE, + flags, format, ap); va_end(ap); if (!g) @@ -688,8 +696,12 @@ if (!g) " called from %s %d\n", STRING_SPRINTF_BUFFER_SIZE, format, func, line); +#ifdef COMPILE_UTILITY +return string_copyn(g->s, g->ptr); +#else gstring_release_unused(g); return string_from_gstring(g); +#endif } @@ -848,7 +860,8 @@ Returns: pointer to buffer, containing the next substring, */ uschar * -string_nextinlist(const uschar **listptr, int *separator, uschar *buffer, int buflen) +string_nextinlist_trc(const uschar **listptr, int *separator, uschar *buffer, int buflen, + const uschar * func, int line) { int sep = *separator; const uschar *s = *listptr; @@ -891,6 +904,8 @@ sep_is_special = iscntrl(sep); if (buffer) { int p = 0; + if (is_tainted(s) && !is_tainted(buffer)) + die_tainted(US"string_nextinlist", func, line); for (; *s; s++) { if (*s == sep && (*(++s) != sep || sep_is_special)) break; @@ -1138,8 +1153,8 @@ memcpy(g->s + p, s, count); g->ptr = p + count; return g; } - - + + gstring * string_cat(gstring *string, const uschar *s) { @@ -1227,29 +1242,33 @@ return !!gp; -/* Copy the content of a string to tainted memory */ -static void -gstring_rebuffer(gstring * g) -{ -uschar * s = store_get(g->size, TRUE); -memcpy(s, g->s, g->ptr); -g->s = s; -} - - /* Build or append to a growing-string, sprintf-style. +Arguments: + g a growable-string + func called-from function name, for debug + line called-from file line number, for debug + limit maximum string size + flags see below + format printf-like format string + ap variable-args pointer + +Flags: + SVFMT_EXTEND buffer can be created or exteded as needed + SVFMT_REBUFFER buffer can be recopied to tainted mem as needed + SVFMT_TAINT_NOCHK do not check inputs for taint + If the "extend" flag is true, the string passed in can be NULL, empty, or non-empty. Growing is subject to an overall limit given -by the size_limit argument. +by the limit argument. If the "extend" flag is false, the string passed in may not be NULL, will not be grown, and is usable in the original place after return. The return value can be NULL to signify overflow. -Returns the possibly-new (if copy for growth was needed) string, -not nul-terminated. +Returns the possibly-new (if copy for growth or taint-handling was needed) +string, not nul-terminated. */ gstring * @@ -1619,7 +1638,7 @@ doesn't seem much we can do about that. */ va_start(ap, format); (void) string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE, - 0, format, ap); + SVFMT_REBUFFER, format, ap); string_from_gstring(g); gstring_release_unused(g); va_end(ap);