Copyright updates:
[exim.git] / src / src / string.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
1e1ddfac 6/* Copyright (c) The Exim Maintainers 2020 */
059ec3d9
PH
7/* See the file NOTICE for conditions of use and distribution. */
8
9/* Miscellaneous string-handling functions. Some are not required for
10utilities and tests, and are cut out by the COMPILE_UTILITY macro. */
11
12
13#include "exim.h"
d12746bc 14#include <assert.h>
059ec3d9
PH
15
16
17#ifndef COMPILE_UTILITY
18/*************************************************
19* Test for IP address *
20*************************************************/
21
22/* This used just to be a regular expression, but with IPv6 things are a bit
23more complicated. If the address contains a colon, it is assumed to be a v6
24address (assuming HAVE_IPV6 is set). If a mask is permitted and one is present,
25and maskptr is not NULL, its offset is placed there.
26
27Arguments:
28 s a string
29 maskptr NULL if no mask is permitted to follow
30 otherwise, points to an int where the offset of '/' is placed
1688f43b 31 if there is no / followed by trailing digits, *maskptr is set 0
059ec3d9
PH
32
33Returns: 0 if the string is not a textual representation of an IP address
34 4 if it is an IPv4 address
35 6 if it is an IPv6 address
36*/
37
38int
b1f8e4f8 39string_is_ip_address(const uschar *s, int *maskptr)
059ec3d9 40{
059ec3d9
PH
41int yield = 4;
42
43/* If an optional mask is permitted, check for it. If found, pass back the
44offset. */
45
8d909960 46if (maskptr)
059ec3d9 47 {
b1f8e4f8 48 const uschar *ss = s + Ustrlen(s);
059ec3d9
PH
49 *maskptr = 0;
50 if (s != ss && isdigit(*(--ss)))
51 {
52 while (ss > s && isdigit(ss[-1])) ss--;
53 if (ss > s && *(--ss) == '/') *maskptr = ss - s;
54 }
55 }
56
57/* A colon anywhere in the string => IPv6 address */
58
59if (Ustrchr(s, ':') != NULL)
60 {
61 BOOL had_double_colon = FALSE;
62 BOOL v4end = FALSE;
059ec3d9
PH
63
64 yield = 6;
65
66 /* An IPv6 address must start with hex digit or double colon. A single
67 colon is invalid. */
68
69 if (*s == ':' && *(++s) != ':') return 0;
70
71 /* Now read up to 8 components consisting of up to 4 hex digits each. There
72 may be one and only one appearance of double colon, which implies any number
73 of binary zero bits. The number of preceding components is held in count. */
74
d7978c0f 75 for (int count = 0; count < 8; count++)
059ec3d9
PH
76 {
77 /* If the end of the string is reached before reading 8 components, the
78 address is valid provided a double colon has been read. This also applies
79 if we hit the / that introduces a mask or the % that introduces the
80 interface specifier (scope id) of a link-local address. */
81
8d909960 82 if (*s == 0 || *s == '%' || *s == '/') return had_double_colon ? yield : 0;
059ec3d9
PH
83
84 /* If a component starts with an additional colon, we have hit a double
85 colon. This is permitted to appear once only, and counts as at least
86 one component. The final component may be of this form. */
87
88 if (*s == ':')
89 {
90 if (had_double_colon) return 0;
91 had_double_colon = TRUE;
92 s++;
93 continue;
94 }
95
96 /* If the remainder of the string contains a dot but no colons, we
97 can expect a trailing IPv4 address. This is valid if either there has
98 been no double-colon and this is the 7th component (with the IPv4 address
99 being the 7th & 8th components), OR if there has been a double-colon
100 and fewer than 6 components. */
101
102 if (Ustrchr(s, ':') == NULL && Ustrchr(s, '.') != NULL)
103 {
104 if ((!had_double_colon && count != 6) ||
105 (had_double_colon && count > 6)) return 0;
106 v4end = TRUE;
107 yield = 6;
108 break;
109 }
110
111 /* Check for at least one and not more than 4 hex digits for this
112 component. */
113
114 if (!isxdigit(*s++)) return 0;
115 if (isxdigit(*s) && isxdigit(*(++s)) && isxdigit(*(++s))) s++;
116
117 /* If the component is terminated by colon and there is more to
118 follow, skip over the colon. If there is no more to follow the address is
119 invalid. */
120
121 if (*s == ':' && *(++s) == 0) return 0;
122 }
123
124 /* If about to handle a trailing IPv4 address, drop through. Otherwise
125 all is well if we are at the end of the string or at the mask or at a percent
126 sign, which introduces the interface specifier (scope id) of a link local
127 address. */
128
1688f43b
PH
129 if (!v4end)
130 return (*s == 0 || *s == '%' ||
131 (*s == '/' && maskptr != NULL && *maskptr != 0))? yield : 0;
059ec3d9
PH
132 }
133
134/* Test for IPv4 address, which may be the tail-end of an IPv6 address. */
135
d7978c0f 136for (int i = 0; i < 4; i++)
059ec3d9 137 {
8d909960
JH
138 long n;
139 uschar * end;
140
059ec3d9 141 if (i != 0 && *s++ != '.') return 0;
8d909960
JH
142 n = strtol(CCS s, CSS &end, 10);
143 if (n > 255 || n < 0 || end <= s || end > s+3) return 0;
144 s = end;
059ec3d9
PH
145 }
146
8d909960 147return !*s || (*s == '/' && maskptr && *maskptr != 0) ? yield : 0;
059ec3d9
PH
148}
149#endif /* COMPILE_UTILITY */
150
151
152/*************************************************
153* Format message size *
154*************************************************/
155
156/* Convert a message size in bytes to printing form, rounding
157according to the magnitude of the number. A value of zero causes
158a string of spaces to be returned.
159
160Arguments:
161 size the message size in bytes
162 buffer where to put the answer
163
164Returns: pointer to the buffer
165 a string of exactly 5 characters is normally returned
166*/
167
168uschar *
169string_format_size(int size, uschar *buffer)
170{
f3ebb786 171if (size == 0) Ustrcpy(buffer, US" ");
059ec3d9
PH
172else if (size < 1024) sprintf(CS buffer, "%5d", size);
173else if (size < 10*1024)
174 sprintf(CS buffer, "%4.1fK", (double)size / 1024.0);
175else if (size < 1024*1024)
176 sprintf(CS buffer, "%4dK", (size + 512)/1024);
177else if (size < 10*1024*1024)
178 sprintf(CS buffer, "%4.1fM", (double)size / (1024.0 * 1024.0));
179else
180 sprintf(CS buffer, "%4dM", (size + 512 * 1024)/(1024*1024));
181return buffer;
182}
183
184
185
186#ifndef COMPILE_UTILITY
187/*************************************************
188* Convert a number to base 62 format *
189*************************************************/
190
191/* Convert a long integer into an ASCII base 62 string. For Cygwin the value of
192BASE_62 is actually 36. Always return exactly 6 characters plus zero, in a
193static area.
194
195Argument: a long integer
196Returns: pointer to base 62 string
197*/
198
199uschar *
200string_base62(unsigned long int value)
201{
202static uschar yield[7];
203uschar *p = yield + sizeof(yield) - 1;
204*p = 0;
205while (p > yield)
206 {
207 *(--p) = base62_chars[value % BASE_62];
208 value /= BASE_62;
209 }
210return yield;
211}
212#endif /* COMPILE_UTILITY */
213
214
215
059ec3d9
PH
216/*************************************************
217* Interpret escape sequence *
218*************************************************/
219
220/* This function is called from several places where escape sequences are to be
221interpreted in strings.
222
223Arguments:
224 pp points a pointer to the initiating "\" in the string;
225 the pointer gets updated to point to the final character
c3aefacc
HSHR
226 If the backslash is the last character in the string, it
227 is not interpreted.
059ec3d9
PH
228Returns: the value of the character escape
229*/
230
231int
55414b25 232string_interpret_escape(const uschar **pp)
059ec3d9 233{
3fb3c68d
JH
234#ifdef COMPILE_UTILITY
235const uschar *hex_digits= CUS"0123456789abcdef";
236#endif
059ec3d9 237int ch;
55414b25 238const uschar *p = *pp;
059ec3d9 239ch = *(++p);
c3aefacc 240if (ch == '\0') return **pp;
059ec3d9
PH
241if (isdigit(ch) && ch != '8' && ch != '9')
242 {
243 ch -= '0';
244 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
245 {
246 ch = ch * 8 + *(++p) - '0';
247 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
248 ch = ch * 8 + *(++p) - '0';
249 }
250 }
251else switch(ch)
252 {
c7396ac5
PP
253 case 'b': ch = '\b'; break;
254 case 'f': ch = '\f'; break;
059ec3d9
PH
255 case 'n': ch = '\n'; break;
256 case 'r': ch = '\r'; break;
257 case 't': ch = '\t'; break;
c7396ac5 258 case 'v': ch = '\v'; break;
059ec3d9
PH
259 case 'x':
260 ch = 0;
261 if (isxdigit(p[1]))
262 {
263 ch = ch * 16 +
264 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
265 if (isxdigit(p[1])) ch = ch * 16 +
266 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
267 }
268 break;
269 }
270*pp = p;
271return ch;
272}
059ec3d9
PH
273
274
275
276#ifndef COMPILE_UTILITY
277/*************************************************
278* Ensure string is printable *
279*************************************************/
280
281/* This function is called for critical strings. It checks for any
282non-printing characters, and if any are found, it makes a new copy
283of the string with suitable escape sequences. It is most often called by the
284macro string_printing(), which sets allow_tab TRUE.
285
286Arguments:
287 s the input string
288 allow_tab TRUE to allow tab as a printing character
289
290Returns: string with non-printers encoded as printing sequences
291*/
292
55414b25
JH
293const uschar *
294string_printing2(const uschar *s, BOOL allow_tab)
059ec3d9
PH
295{
296int nonprintcount = 0;
297int length = 0;
55414b25 298const uschar *t = s;
059ec3d9
PH
299uschar *ss, *tt;
300
301while (*t != 0)
302 {
303 int c = *t++;
304 if (!mac_isprint(c) || (!allow_tab && c == '\t')) nonprintcount++;
305 length++;
306 }
307
308if (nonprintcount == 0) return s;
309
310/* Get a new block of store guaranteed big enough to hold the
311expanded string. */
312
f3ebb786 313ss = store_get(length + nonprintcount * 3 + 1, is_tainted(s));
059ec3d9 314
4c04137d 315/* Copy everything, escaping non printers. */
059ec3d9
PH
316
317t = s;
318tt = ss;
319
320while (*t != 0)
321 {
322 int c = *t;
323 if (mac_isprint(c) && (allow_tab || c != '\t')) *tt++ = *t++; else
324 {
325 *tt++ = '\\';
326 switch (*t)
327 {
328 case '\n': *tt++ = 'n'; break;
329 case '\r': *tt++ = 'r'; break;
330 case '\b': *tt++ = 'b'; break;
331 case '\v': *tt++ = 'v'; break;
332 case '\f': *tt++ = 'f'; break;
333 case '\t': *tt++ = 't'; break;
334 default: sprintf(CS tt, "%03o", *t); tt += 3; break;
335 }
336 t++;
337 }
338 }
339*tt = 0;
340return ss;
341}
79fe97d8
PP
342#endif /* COMPILE_UTILITY */
343
c7396ac5
PP
344/*************************************************
345* Undo printing escapes in string *
346*************************************************/
347
348/* This function is the reverse of string_printing2. It searches for
349backslash characters and if any are found, it makes a new copy of the
350string with escape sequences parsed. Otherwise it returns the original
351string.
352
353Arguments:
354 s the input string
355
356Returns: string with printing escapes parsed back
357*/
358
359uschar *
360string_unprinting(uschar *s)
361{
362uschar *p, *q, *r, *ss;
363int len, off;
364
365p = Ustrchr(s, '\\');
366if (!p) return s;
367
368len = Ustrlen(s) + 1;
f3ebb786 369ss = store_get(len, is_tainted(s));
c7396ac5
PP
370
371q = ss;
372off = p - s;
373if (off)
374 {
375 memcpy(q, s, off);
376 q += off;
377 }
378
379while (*p)
380 {
381 if (*p == '\\')
382 {
55414b25 383 *q++ = string_interpret_escape((const uschar **)&p);
823ad74f 384 p++;
c7396ac5
PP
385 }
386 else
387 {
388 r = Ustrchr(p, '\\');
389 if (!r)
390 {
391 off = Ustrlen(p);
392 memcpy(q, p, off);
393 p += off;
394 q += off;
395 break;
396 }
397 else
398 {
399 off = r - p;
400 memcpy(q, p, off);
401 q += off;
402 p = r;
403 }
404 }
405 }
406*q = '\0';
407
408return ss;
409}
059ec3d9
PH
410
411
412
413
bf13aee1
JH
414#if (defined(HAVE_LOCAL_SCAN) || defined(EXPAND_DLFUNC)) \
415 && !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
059ec3d9
PH
416/*************************************************
417* Copy and save string *
418*************************************************/
419
f3ebb786 420/*
059ec3d9 421Argument: string to copy
f3ebb786 422Returns: copy of string in new store with the same taint status
059ec3d9
PH
423*/
424
425uschar *
e59797e3 426string_copy_function(const uschar *s)
059ec3d9 427{
f3ebb786
JH
428return string_copy_taint(s, is_tainted(s));
429}
430
431/* This function assumes that memcpy() is faster than strcpy().
432As above, but explicitly specifying the result taint status
433*/
434
435uschar *
d48326c0 436string_copy_taint_function(const uschar * s, BOOL tainted)
f3ebb786 437{
059ec3d9 438int len = Ustrlen(s) + 1;
f3ebb786 439uschar *ss = store_get(len, tainted);
059ec3d9
PH
440memcpy(ss, s, len);
441return ss;
442}
443
444
f3ebb786 445
059ec3d9
PH
446/*************************************************
447* Copy and save string, given length *
448*************************************************/
449
450/* It is assumed the data contains no zeros. A zero is added
451onto the end.
452
453Arguments:
454 s string to copy
455 n number of characters
456
457Returns: copy of string in new store
458*/
459
460uschar *
e59797e3 461string_copyn_function(const uschar *s, int n)
059ec3d9 462{
f3ebb786 463uschar *ss = store_get(n + 1, is_tainted(s));
059ec3d9
PH
464Ustrncpy(ss, s, n);
465ss[n] = 0;
466return ss;
467}
e59797e3 468#endif
059ec3d9
PH
469
470
471/*************************************************
e59797e3 472* Copy and save string in malloc'd store *
059ec3d9
PH
473*************************************************/
474
e59797e3 475/* This function assumes that memcpy() is faster than strcpy().
059ec3d9 476
e59797e3
JH
477Argument: string to copy
478Returns: copy of string in new store
059ec3d9
PH
479*/
480
481uschar *
e59797e3 482string_copy_malloc(const uschar *s)
059ec3d9 483{
e59797e3
JH
484int len = Ustrlen(s) + 1;
485uschar *ss = store_malloc(len);
486memcpy(ss, s, len);
059ec3d9
PH
487return ss;
488}
489
490
491
492/*************************************************
e28326d8
PH
493* Copy string if long, inserting newlines *
494*************************************************/
495
496/* If the given string is longer than 75 characters, it is copied, and within
497the copy, certain space characters are converted into newlines.
498
499Argument: pointer to the string
500Returns: pointer to the possibly altered string
501*/
502
503uschar *
504string_split_message(uschar *msg)
505{
506uschar *s, *ss;
507
508if (msg == NULL || Ustrlen(msg) <= 75) return msg;
509s = ss = msg = string_copy(msg);
510
511for (;;)
512 {
513 int i = 0;
514 while (i < 75 && *ss != 0 && *ss != '\n') ss++, i++;
515 if (*ss == 0) break;
516 if (*ss == '\n')
517 s = ++ss;
518 else
519 {
520 uschar *t = ss + 1;
521 uschar *tt = NULL;
522 while (--t > s + 35)
523 {
524 if (*t == ' ')
525 {
526 if (t[-1] == ':') { tt = t; break; }
527 if (tt == NULL) tt = t;
528 }
529 }
530
531 if (tt == NULL) /* Can't split behind - try ahead */
532 {
533 t = ss + 1;
534 while (*t != 0)
535 {
536 if (*t == ' ' || *t == '\n')
537 { tt = t; break; }
538 t++;
539 }
540 }
541
542 if (tt == NULL) break; /* Can't find anywhere to split */
543 *tt = '\n';
544 s = ss = tt+1;
545 }
546 }
547
548return msg;
549}
550
551
552
553/*************************************************
059ec3d9
PH
554* Copy returned DNS domain name, de-escaping *
555*************************************************/
556
557/* If a domain name contains top-bit characters, some resolvers return
558the fully qualified name with those characters turned into escapes. The
559convention is a backslash followed by _decimal_ digits. We convert these
560back into the original binary values. This will be relevant when
561allow_utf8_domains is set true and UTF-8 characters are used in domain
562names. Backslash can also be used to escape other characters, though we
563shouldn't come across them in domain names.
564
565Argument: the domain name string
566Returns: copy of string in new store, de-escaped
567*/
568
569uschar *
570string_copy_dnsdomain(uschar *s)
571{
572uschar *yield;
f3ebb786 573uschar *ss = yield = store_get(Ustrlen(s) + 1, is_tainted(s));
059ec3d9
PH
574
575while (*s != 0)
576 {
577 if (*s != '\\')
059ec3d9 578 *ss++ = *s++;
059ec3d9
PH
579 else if (isdigit(s[1]))
580 {
581 *ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0';
582 s += 4;
583 }
584 else if (*(++s) != 0)
059ec3d9 585 *ss++ = *s++;
059ec3d9
PH
586 }
587
588*ss = 0;
589return yield;
590}
591
592
593#ifndef COMPILE_UTILITY
594/*************************************************
595* Copy space-terminated or quoted string *
596*************************************************/
597
598/* This function copies from a string until its end, or until whitespace is
599encountered, unless the string begins with a double quote, in which case the
600terminating quote is sought, and escaping within the string is done. The length
601of a de-quoted string can be no longer than the original, since escaping always
602turns n characters into 1 character.
603
604Argument: pointer to the pointer to the first character, which gets updated
605Returns: the new string
606*/
607
608uschar *
55414b25 609string_dequote(const uschar **sptr)
059ec3d9 610{
55414b25 611const uschar *s = *sptr;
059ec3d9
PH
612uschar *t, *yield;
613
614/* First find the end of the string */
615
616if (*s != '\"')
059ec3d9 617 while (*s != 0 && !isspace(*s)) s++;
059ec3d9
PH
618else
619 {
620 s++;
8c513105 621 while (*s && *s != '\"')
059ec3d9
PH
622 {
623 if (*s == '\\') (void)string_interpret_escape(&s);
624 s++;
625 }
8c513105 626 if (*s) s++;
059ec3d9
PH
627 }
628
629/* Get enough store to copy into */
630
f3ebb786 631t = yield = store_get(s - *sptr + 1, is_tainted(*sptr));
059ec3d9
PH
632s = *sptr;
633
634/* Do the copy */
635
636if (*s != '\"')
059ec3d9 637 while (*s != 0 && !isspace(*s)) *t++ = *s++;
059ec3d9
PH
638else
639 {
640 s++;
641 while (*s != 0 && *s != '\"')
642 {
f3ebb786 643 *t++ = *s == '\\' ? string_interpret_escape(&s) : *s;
059ec3d9
PH
644 s++;
645 }
f3ebb786 646 if (*s) s++;
059ec3d9
PH
647 }
648
649/* Update the pointer and return the terminated copy */
650
651*sptr = s;
652*t = 0;
653return yield;
654}
655#endif /* COMPILE_UTILITY */
656
657
658
659/*************************************************
660* Format a string and save it *
661*************************************************/
662
94759fce 663/* The formatting is done by string_vformat, which checks the length of
13e70f55 664everything. Taint is taken from the worst of the arguments.
059ec3d9
PH
665
666Arguments:
667 format a printf() format - deliberately char * rather than uschar *
668 because it will most usually be a literal string
669 ... arguments for format
670
671Returns: pointer to fresh piece of store containing sprintf'ed string
672*/
673
674uschar *
f3ebb786 675string_sprintf_trc(const char *format, const uschar * func, unsigned line, ...)
059ec3d9 676{
8aa16eb7
JH
677#ifdef COMPILE_UTILITY
678uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
679gstring gs = { .size = STRING_SPRINTF_BUFFER_SIZE, .ptr = 0, .s = buffer };
680gstring * g = &gs;
681unsigned flags = 0;
682#else
683gstring * g = NULL;
684unsigned flags = SVFMT_REBUFFER|SVFMT_EXTEND;
685#endif
d12746bc 686
8aa16eb7 687va_list ap;
f3ebb786 688va_start(ap, line);
8aa16eb7
JH
689g = string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE,
690 flags, format, ap);
059ec3d9 691va_end(ap);
d12746bc 692
f3ebb786 693if (!g)
d12746bc
JH
694 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
695 "string_sprintf expansion was longer than %d; format string was (%s)\n"
f3ebb786
JH
696 " called from %s %d\n",
697 STRING_SPRINTF_BUFFER_SIZE, format, func, line);
d12746bc 698
8aa16eb7
JH
699#ifdef COMPILE_UTILITY
700return string_copyn(g->s, g->ptr);
701#else
f3ebb786
JH
702gstring_release_unused(g);
703return string_from_gstring(g);
8aa16eb7 704#endif
059ec3d9
PH
705}
706
707
708
709/*************************************************
710* Case-independent strncmp() function *
711*************************************************/
712
713/*
714Arguments:
715 s first string
716 t second string
717 n number of characters to compare
718
719Returns: < 0, = 0, or > 0, according to the comparison
720*/
721
722int
1ba28e2b 723strncmpic(const uschar *s, const uschar *t, int n)
059ec3d9
PH
724{
725while (n--)
726 {
727 int c = tolower(*s++) - tolower(*t++);
728 if (c) return c;
729 }
730return 0;
731}
732
733
734/*************************************************
735* Case-independent strcmp() function *
736*************************************************/
737
738/*
739Arguments:
740 s first string
741 t second string
742
743Returns: < 0, = 0, or > 0, according to the comparison
744*/
745
746int
1ba28e2b 747strcmpic(const uschar *s, const uschar *t)
059ec3d9
PH
748{
749while (*s != 0)
750 {
751 int c = tolower(*s++) - tolower(*t++);
752 if (c != 0) return c;
753 }
754return *t;
755}
756
757
758/*************************************************
759* Case-independent strstr() function *
760*************************************************/
761
762/* The third argument specifies whether whitespace is required
763to follow the matched string.
764
765Arguments:
766 s string to search
767 t substring to search for
768 space_follows if TRUE, match only if whitespace follows
769
770Returns: pointer to substring in string, or NULL if not found
771*/
772
773uschar *
774strstric(uschar *s, uschar *t, BOOL space_follows)
775{
776uschar *p = t;
777uschar *yield = NULL;
778int cl = tolower(*p);
779int cu = toupper(*p);
780
781while (*s)
782 {
783 if (*s == cl || *s == cu)
784 {
785 if (yield == NULL) yield = s;
786 if (*(++p) == 0)
787 {
788 if (!space_follows || s[1] == ' ' || s[1] == '\n' ) return yield;
789 yield = NULL;
790 p = t;
791 }
792 cl = tolower(*p);
793 cu = toupper(*p);
794 s++;
795 }
796 else if (yield != NULL)
797 {
798 yield = NULL;
799 p = t;
800 cl = tolower(*p);
801 cu = toupper(*p);
802 }
803 else s++;
804 }
805return NULL;
806}
807
808
809
d12746bc
JH
810#ifdef COMPILE_UTILITY
811/* Dummy version for this function; it should never be called */
812static void
f3ebb786 813gstring_grow(gstring * g, int count)
d12746bc
JH
814{
815assert(FALSE);
816}
817#endif
818
819
820
059ec3d9
PH
821#ifndef COMPILE_UTILITY
822/*************************************************
823* Get next string from separated list *
824*************************************************/
825
826/* Leading and trailing space is removed from each item. The separator in the
827list is controlled by the int pointed to by the separator argument as follows:
828
ec95d1a6
PH
829 If the value is > 0 it is used as the separator. This is typically used for
830 sublists such as slash-separated options. The value is always a printing
831 character.
832
833 (If the value is actually > UCHAR_MAX there is only one item in the list.
059ec3d9
PH
834 This is used for some cases when called via functions that sometimes
835 plough through lists, and sometimes are given single items.)
059ec3d9 836
ec95d1a6
PH
837 If the value is <= 0, the string is inspected for a leading <x, where x is an
838 ispunct() or an iscntrl() character. If found, x is used as the separator. If
839 not found:
840
841 (a) if separator == 0, ':' is used
842 (b) if separator <0, -separator is used
843
844 In all cases the value of the separator that is used is written back to the
845 int so that it is used on subsequent calls as we progress through the list.
846
847A literal ispunct() separator can be represented in an item by doubling, but
848there is no way to include an iscntrl() separator as part of the data.
059ec3d9
PH
849
850Arguments:
851 listptr points to a pointer to the current start of the list; the
852 pointer gets updated to point after the end of the next item
853 separator a pointer to the separator character in an int (see above)
854 buffer where to put a copy of the next string in the list; or
855 NULL if the next string is returned in new memory
856 buflen when buffer is not NULL, the size of buffer; otherwise ignored
857
858Returns: pointer to buffer, containing the next substring,
859 or NULL if no more substrings
860*/
861
862uschar *
ba74fb8d
JH
863string_nextinlist_trc(const uschar **listptr, int *separator, uschar *buffer, int buflen,
864 const uschar * func, int line)
059ec3d9 865{
55414b25
JH
866int sep = *separator;
867const uschar *s = *listptr;
ec95d1a6 868BOOL sep_is_special;
059ec3d9 869
8b455685 870if (!s) return NULL;
ec95d1a6
PH
871
872/* This allows for a fixed specified separator to be an iscntrl() character,
873but at the time of implementation, this is never the case. However, it's best
874to be conservative. */
875
876while (isspace(*s) && *s != sep) s++;
877
878/* A change of separator is permitted, so look for a leading '<' followed by an
879allowed character. */
059ec3d9
PH
880
881if (sep <= 0)
882 {
ec95d1a6 883 if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1])))
059ec3d9
PH
884 {
885 sep = s[1];
b72f857f 886 if (*++s) ++s;
ec95d1a6 887 while (isspace(*s) && *s != sep) s++;
059ec3d9
PH
888 }
889 else
8b455685 890 sep = sep ? -sep : ':';
059ec3d9
PH
891 *separator = sep;
892 }
893
ec95d1a6
PH
894/* An empty string has no list elements */
895
8b455685 896if (!*s) return NULL;
059ec3d9 897
ec95d1a6
PH
898/* Note whether whether or not the separator is an iscntrl() character. */
899
900sep_is_special = iscntrl(sep);
901
059ec3d9
PH
902/* Handle the case when a buffer is provided. */
903
617d3932 904if (buffer)
059ec3d9 905 {
d4ff61d1 906 int p = 0;
ba74fb8d
JH
907 if (is_tainted(s) && !is_tainted(buffer))
908 die_tainted(US"string_nextinlist", func, line);
8b455685 909 for (; *s; s++)
059ec3d9 910 {
ec95d1a6 911 if (*s == sep && (*(++s) != sep || sep_is_special)) break;
059ec3d9
PH
912 if (p < buflen - 1) buffer[p++] = *s;
913 }
914 while (p > 0 && isspace(buffer[p-1])) p--;
8b455685 915 buffer[p] = '\0';
059ec3d9
PH
916 }
917
918/* Handle the case when a buffer is not provided. */
919
920else
921 {
acec9514 922 gstring * g = NULL;
ec95d1a6 923
059ec3d9 924 /* We know that *s != 0 at this point. However, it might be pointing to a
ec95d1a6
PH
925 separator, which could indicate an empty string, or (if an ispunct()
926 character) could be doubled to indicate a separator character as data at the
927 start of a string. Avoid getting working memory for an empty item. */
059ec3d9
PH
928
929 if (*s == sep)
930 {
931 s++;
ec95d1a6
PH
932 if (*s != sep || sep_is_special)
933 {
934 *listptr = s;
935 return string_copy(US"");
936 }
059ec3d9
PH
937 }
938
ec95d1a6
PH
939 /* Not an empty string; the first character is guaranteed to be a data
940 character. */
941
942 for (;;)
059ec3d9 943 {
d7978c0f
JH
944 const uschar * ss;
945 for (ss = s + 1; *ss && *ss != sep; ) ss++;
acec9514 946 g = string_catn(g, s, ss-s);
ec95d1a6 947 s = ss;
8b455685 948 if (!*s || *++s != sep || sep_is_special) break;
059ec3d9 949 }
acec9514
JH
950 while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--;
951 buffer = string_from_gstring(g);
e59797e3 952 gstring_release_unused(g);
059ec3d9
PH
953 }
954
955/* Update the current pointer and return the new string */
956
957*listptr = s;
958return buffer;
959}
059ec3d9
PH
960
961
4226691b
JH
962static const uschar *
963Ustrnchr(const uschar * s, int c, unsigned * len)
964{
965unsigned siz = *len;
966while (siz)
967 {
968 if (!*s) return NULL;
969 if (*s == c)
970 {
971 *len = siz;
972 return s;
973 }
974 s++;
975 siz--;
976 }
977return NULL;
978}
979
980
76146973 981/************************************************
1d9ddac9 982* Add element to separated list *
76146973 983************************************************/
4226691b
JH
984/* This function is used to build a list, returning an allocated null-terminated
985growable string. The given element has any embedded separator characters
76146973
JH
986doubled.
987
4226691b
JH
988Despite having the same growable-string interface as string_cat() the list is
989always returned null-terminated.
990
76146973 991Arguments:
acec9514 992 list expanding-string for the list that is being built, or NULL
76146973 993 if this is a new list that has no contents yet
4c04137d
JS
994 sep list separator character
995 ele new element to be appended to the list
76146973
JH
996
997Returns: pointer to the start of the list, changed if copied for expansion.
998*/
999
acec9514
JH
1000gstring *
1001string_append_listele(gstring * list, uschar sep, const uschar * ele)
76146973 1002{
76146973
JH
1003uschar * sp;
1004
acec9514
JH
1005if (list && list->ptr)
1006 list = string_catn(list, &sep, 1);
76146973 1007
e3dd1d67 1008while((sp = Ustrchr(ele, sep)))
76146973 1009 {
acec9514
JH
1010 list = string_catn(list, ele, sp-ele+1);
1011 list = string_catn(list, &sep, 1);
76146973
JH
1012 ele = sp+1;
1013 }
acec9514
JH
1014list = string_cat(list, ele);
1015(void) string_from_gstring(list);
4226691b 1016return list;
76146973 1017}
00ba27c5
JH
1018
1019
acec9514
JH
1020gstring *
1021string_append_listele_n(gstring * list, uschar sep, const uschar * ele,
1022 unsigned len)
00ba27c5 1023{
00ba27c5
JH
1024const uschar * sp;
1025
acec9514
JH
1026if (list && list->ptr)
1027 list = string_catn(list, &sep, 1);
00ba27c5
JH
1028
1029while((sp = Ustrnchr(ele, sep, &len)))
1030 {
acec9514
JH
1031 list = string_catn(list, ele, sp-ele+1);
1032 list = string_catn(list, &sep, 1);
00ba27c5
JH
1033 ele = sp+1;
1034 len--;
1035 }
acec9514
JH
1036list = string_catn(list, ele, len);
1037(void) string_from_gstring(list);
4226691b 1038return list;
00ba27c5 1039}
76146973
JH
1040
1041
059ec3d9 1042
bce15b62
JH
1043/* A slightly-bogus listmaker utility; the separator is a string so
1044can be multiple chars - there is no checking for the element content
1045containing any of the separator. */
1046
1047gstring *
1048string_append2_listele_n(gstring * list, const uschar * sepstr,
1049 const uschar * ele, unsigned len)
1050{
bce15b62
JH
1051if (list && list->ptr)
1052 list = string_cat(list, sepstr);
1053
1054list = string_catn(list, ele, len);
1055(void) string_from_gstring(list);
1056return list;
1057}
1058
1059
1060
acec9514 1061/************************************************/
f3ebb786
JH
1062/* Add more space to a growable-string. The caller should check
1063first if growth is required. The gstring struct is modified on
1064return; specifically, the string-base-pointer may have been changed.
d12746bc
JH
1065
1066Arguments:
1067 g the growable-string
f3ebb786 1068 count amount needed for g->ptr to increase by
938593e9
JH
1069*/
1070
1071static void
f3ebb786 1072gstring_grow(gstring * g, int count)
acec9514 1073{
f3ebb786 1074int p = g->ptr;
acec9514 1075int oldsize = g->size;
f3ebb786 1076BOOL tainted = is_tainted(g->s);
acec9514
JH
1077
1078/* Mostly, string_cat() is used to build small strings of a few hundred
1079characters at most. There are times, however, when the strings are very much
1080longer (for example, a lookup that returns a vast number of alias addresses).
1081To try to keep things reasonable, we use increments whose size depends on the
1082existing length of the string. */
1083
1084unsigned inc = oldsize < 4096 ? 127 : 1023;
f3ebb786
JH
1085
1086if (count <= 0) return;
1087g->size = (p + count + inc + 1) & ~inc; /* one for a NUL */
acec9514
JH
1088
1089/* Try to extend an existing allocation. If the result of calling
1090store_extend() is false, either there isn't room in the current memory block,
1091or this string is not the top item on the dynamic store stack. We then have
1092to get a new chunk of store and copy the old string. When building large
1093strings, it is helpful to call store_release() on the old string, to release
1094memory blocks that have become empty. (The block will be freed if the string
1095is at its start.) However, we can do this only if we know that the old string
1096was the last item on the dynamic memory stack. This is the case if it matches
1097store_last_get. */
1098
f3ebb786
JH
1099if (!store_extend(g->s, tainted, oldsize, g->size))
1100 g->s = store_newblock(g->s, tainted, g->size, p);
acec9514
JH
1101}
1102
1103
1104
d12746bc
JH
1105/*************************************************
1106* Add chars to string *
1107*************************************************/
059ec3d9
PH
1108/* This function is used when building up strings of unknown length. Room is
1109always left for a terminating zero to be added to the string that is being
1110built. This function does not require the string that is being added to be NUL
1111terminated, because the number of characters to add is given explicitly. It is
1112sometimes called to extract parts of other strings.
1113
1114Arguments:
1115 string points to the start of the string that is being built, or NULL
1116 if this is a new string that has no contents yet
059ec3d9
PH
1117 s points to characters to add
1118 count count of characters to add; must not exceed the length of s, if s
42055a33 1119 is a C string.
059ec3d9 1120
059ec3d9
PH
1121Returns: pointer to the start of the string, changed if copied for expansion.
1122 Note that a NUL is not added, though space is left for one. This is
1123 because string_cat() is often called multiple times to build up a
1124 string - there's no point adding the NUL till the end.
a1b8a755 1125
059ec3d9 1126*/
96f5fe4c 1127/* coverity[+alloc] */
059ec3d9 1128
acec9514
JH
1129gstring *
1130string_catn(gstring * g, const uschar *s, int count)
059ec3d9 1131{
acec9514 1132int p;
f3ebb786 1133BOOL srctaint = is_tainted(s);
059ec3d9 1134
acec9514 1135if (!g)
059ec3d9 1136 {
acec9514
JH
1137 unsigned inc = count < 4096 ? 127 : 1023;
1138 unsigned size = ((count + inc) & ~inc) + 1;
f3ebb786 1139 g = string_get_tainted(size, srctaint);
059ec3d9 1140 }
f3ebb786
JH
1141else if (srctaint && !is_tainted(g->s))
1142 gstring_rebuffer(g);
059ec3d9 1143
acec9514
JH
1144p = g->ptr;
1145if (p + count >= g->size)
f3ebb786 1146 gstring_grow(g, count);
acec9514 1147
059ec3d9
PH
1148/* Because we always specify the exact number of characters to copy, we can
1149use memcpy(), which is likely to be more efficient than strncopy() because the
acec9514 1150latter has to check for zero bytes. */
059ec3d9 1151
acec9514
JH
1152memcpy(g->s + p, s, count);
1153g->ptr = p + count;
1154return g;
059ec3d9 1155}
c3aefacc
HSHR
1156
1157
acec9514
JH
1158gstring *
1159string_cat(gstring *string, const uschar *s)
c2f669a4 1160{
acec9514 1161return string_catn(string, s, Ustrlen(s));
c2f669a4 1162}
059ec3d9
PH
1163
1164
1165
059ec3d9
PH
1166/*************************************************
1167* Append strings to another string *
1168*************************************************/
1169
1170/* This function can be used to build a string from many other strings.
1171It calls string_cat() to do the dirty work.
1172
1173Arguments:
acec9514 1174 string expanding-string that is being built, or NULL
059ec3d9 1175 if this is a new string that has no contents yet
059ec3d9
PH
1176 count the number of strings to append
1177 ... "count" uschar* arguments, which must be valid zero-terminated
1178 C strings
1179
1180Returns: pointer to the start of the string, changed if copied for expansion.
1181 The string is not zero-terminated - see string_cat() above.
1182*/
1183
acec9514
JH
1184__inline__ gstring *
1185string_append(gstring *string, int count, ...)
059ec3d9
PH
1186{
1187va_list ap;
059ec3d9
PH
1188
1189va_start(ap, count);
acec9514 1190while (count-- > 0)
059ec3d9
PH
1191 {
1192 uschar *t = va_arg(ap, uschar *);
acec9514 1193 string = string_cat(string, t);
059ec3d9
PH
1194 }
1195va_end(ap);
1196
1197return string;
1198}
1199#endif
1200
1201
1202
1203/*************************************************
1204* Format a string with length checks *
1205*************************************************/
1206
1207/* This function is used to format a string with checking of the length of the
1208output for all conversions. It protects Exim from absent-mindedness when
1209calling functions like debug_printf and string_sprintf, and elsewhere. There
1210are two different entry points to what is actually the same function, depending
1211on whether the variable length list of data arguments are given explicitly or
1212as a va_list item.
1213
1214The formats are the usual printf() ones, with some omissions (never used) and
c0b9d3e8 1215three additions for strings: %S forces lower case, %T forces upper case, and
acec9514 1216%#s or %#S prints nothing for a NULL string. Without the # "NULL" is printed
c0b9d3e8
JH
1217(useful in debugging). There is also the addition of %D and %M, which insert
1218the date in the form used for datestamped log files.
059ec3d9
PH
1219
1220Arguments:
1221 buffer a buffer in which to put the formatted string
1222 buflen the length of the buffer
1223 format the format string - deliberately char * and not uschar *
1224 ... or ap variable list of supplementary arguments
1225
1226Returns: TRUE if the result fitted in the buffer
1227*/
1228
1229BOOL
f3ebb786
JH
1230string_format_trc(uschar * buffer, int buflen,
1231 const uschar * func, unsigned line, const char * format, ...)
059ec3d9 1232{
d12746bc 1233gstring g = { .size = buflen, .ptr = 0, .s = buffer }, *gp;
059ec3d9
PH
1234va_list ap;
1235va_start(ap, format);
f3ebb786
JH
1236gp = string_vformat_trc(&g, func, line, STRING_SPRINTF_BUFFER_SIZE,
1237 0, format, ap);
059ec3d9 1238va_end(ap);
d12746bc
JH
1239g.s[g.ptr] = '\0';
1240return !!gp;
059ec3d9
PH
1241}
1242
1243
d12746bc 1244
d12746bc 1245
f3ebb786 1246/* Build or append to a growing-string, sprintf-style.
d12746bc 1247
b273058b
JH
1248Arguments:
1249 g a growable-string
1250 func called-from function name, for debug
1251 line called-from file line number, for debug
1252 limit maximum string size
1253 flags see below
1254 format printf-like format string
1255 ap variable-args pointer
1256
1257Flags:
1258 SVFMT_EXTEND buffer can be created or exteded as needed
1259 SVFMT_REBUFFER buffer can be recopied to tainted mem as needed
1260 SVFMT_TAINT_NOCHK do not check inputs for taint
1261
f3ebb786
JH
1262If the "extend" flag is true, the string passed in can be NULL,
1263empty, or non-empty. Growing is subject to an overall limit given
b273058b 1264by the limit argument.
d12746bc 1265
f3ebb786 1266If the "extend" flag is false, the string passed in may not be NULL,
d12746bc
JH
1267will not be grown, and is usable in the original place after return.
1268The return value can be NULL to signify overflow.
1269
adc4ecf9
JH
1270Returns the possibly-new (if copy for growth or taint-handling was needed)
1271string, not nul-terminated.
d12746bc
JH
1272*/
1273
1274gstring *
f3ebb786
JH
1275string_vformat_trc(gstring * g, const uschar * func, unsigned line,
1276 unsigned size_limit, unsigned flags, const char *format, va_list ap)
059ec3d9 1277{
d12746bc
JH
1278enum ltypes { L_NORMAL=1, L_SHORT=2, L_LONG=3, L_LONGLONG=4, L_LONGDOUBLE=5, L_SIZE=6 };
1279
f3ebb786 1280int width, precision, off, lim, need;
d12746bc 1281const char * fp = format; /* Deliberately not unsigned */
f3ebb786 1282BOOL dest_tainted = FALSE;
b1c749bb 1283
d12746bc
JH
1284string_datestamp_offset = -1; /* Datestamp not inserted */
1285string_datestamp_length = 0; /* Datestamp not inserted */
1286string_datestamp_type = 0; /* Datestamp not inserted */
059ec3d9 1287
d12746bc 1288#ifdef COMPILE_UTILITY
f3ebb786 1289assert(!(flags & SVFMT_EXTEND));
d12746bc
JH
1290assert(g);
1291#else
1292
1293/* Ensure we have a string, to save on checking later */
1294if (!g) g = string_get(16);
f3ebb786
JH
1295else if (!(flags & SVFMT_TAINT_NOCHK)) dest_tainted = is_tainted(g->s);
1296
1297if (!(flags & SVFMT_TAINT_NOCHK) && !dest_tainted && is_tainted(format))
1298 {
aaabfafe 1299#ifndef MACRO_PREDEF
f3ebb786
JH
1300 if (!(flags & SVFMT_REBUFFER))
1301 die_tainted(US"string_vformat", func, line);
aaabfafe 1302#endif
f3ebb786
JH
1303 gstring_rebuffer(g);
1304 dest_tainted = TRUE;
1305 }
d12746bc
JH
1306#endif /*!COMPILE_UTILITY*/
1307
1308lim = g->size - 1; /* leave one for a nul */
1309off = g->ptr; /* remember initial offset in gstring */
059ec3d9
PH
1310
1311/* Scan the format and handle the insertions */
1312
d12746bc 1313while (*fp)
059ec3d9 1314 {
b1c749bb 1315 int length = L_NORMAL;
059ec3d9
PH
1316 int *nptr;
1317 int slen;
d12746bc
JH
1318 const char *null = "NULL"; /* ) These variables */
1319 const char *item_start, *s; /* ) are deliberately */
1320 char newformat[16]; /* ) not unsigned */
1321 char * gp = CS g->s + g->ptr; /* ) */
059ec3d9
PH
1322
1323 /* Non-% characters just get copied verbatim */
1324
1325 if (*fp != '%')
1326 {
d12746bc 1327 /* Avoid string_copyn() due to COMPILE_UTILITY */
f3ebb786 1328 if ((need = g->ptr + 1) > lim)
1100a343 1329 {
f3ebb786
JH
1330 if (!(flags & SVFMT_EXTEND) || need > size_limit) return NULL;
1331 gstring_grow(g, 1);
1100a343
JH
1332 lim = g->size - 1;
1333 }
d12746bc 1334 g->s[g->ptr++] = (uschar) *fp++;
059ec3d9
PH
1335 continue;
1336 }
1337
1338 /* Deal with % characters. Pick off the width and precision, for checking
1339 strings, skipping over the flag and modifier characters. */
1340
1341 item_start = fp;
1342 width = precision = -1;
1343
1344 if (strchr("-+ #0", *(++fp)) != NULL)
1345 {
1346 if (*fp == '#') null = "";
1347 fp++;
1348 }
1349
1350 if (isdigit((uschar)*fp))
1351 {
1352 width = *fp++ - '0';
1353 while (isdigit((uschar)*fp)) width = width * 10 + *fp++ - '0';
1354 }
1355 else if (*fp == '*')
1356 {
1357 width = va_arg(ap, int);
1358 fp++;
1359 }
1360
1361 if (*fp == '.')
059ec3d9
PH
1362 if (*(++fp) == '*')
1363 {
1364 precision = va_arg(ap, int);
1365 fp++;
1366 }
1367 else
d12746bc
JH
1368 for (precision = 0; isdigit((uschar)*fp); fp++)
1369 precision = precision*10 + *fp - '0';
059ec3d9 1370
91a246f6 1371 /* Skip over 'h', 'L', 'l', 'll' and 'z', remembering the item length */
b1c749bb
PH
1372
1373 if (*fp == 'h')
1374 { fp++; length = L_SHORT; }
1375 else if (*fp == 'L')
1376 { fp++; length = L_LONGDOUBLE; }
1377 else if (*fp == 'l')
b1c749bb 1378 if (fp[1] == 'l')
d12746bc 1379 { fp += 2; length = L_LONGLONG; }
b1c749bb 1380 else
d12746bc 1381 { fp++; length = L_LONG; }
91a246f6
PP
1382 else if (*fp == 'z')
1383 { fp++; length = L_SIZE; }
059ec3d9
PH
1384
1385 /* Handle each specific format type. */
1386
1387 switch (*fp++)
1388 {
1389 case 'n':
d12746bc
JH
1390 nptr = va_arg(ap, int *);
1391 *nptr = g->ptr - off;
1392 break;
059ec3d9
PH
1393
1394 case 'd':
1395 case 'o':
1396 case 'u':
1397 case 'x':
1398 case 'X':
d12746bc 1399 width = length > L_LONG ? 24 : 12;
f3ebb786 1400 if ((need = g->ptr + width) > lim)
1100a343 1401 {
f3ebb786
JH
1402 if (!(flags & SVFMT_EXTEND) || need >= size_limit) return NULL;
1403 gstring_grow(g, width);
1100a343
JH
1404 lim = g->size - 1;
1405 gp = CS g->s + g->ptr;
1406 }
d12746bc
JH
1407 strncpy(newformat, item_start, fp - item_start);
1408 newformat[fp - item_start] = 0;
b1c749bb 1409
d12746bc
JH
1410 /* Short int is promoted to int when passing through ..., so we must use
1411 int for va_arg(). */
b1c749bb 1412
d12746bc
JH
1413 switch(length)
1414 {
1415 case L_SHORT:
1416 case L_NORMAL:
1417 g->ptr += sprintf(gp, newformat, va_arg(ap, int)); break;
1418 case L_LONG:
1419 g->ptr += sprintf(gp, newformat, va_arg(ap, long int)); break;
1420 case L_LONGLONG:
1421 g->ptr += sprintf(gp, newformat, va_arg(ap, LONGLONG_T)); break;
1422 case L_SIZE:
1423 g->ptr += sprintf(gp, newformat, va_arg(ap, size_t)); break;
1424 }
1425 break;
059ec3d9
PH
1426
1427 case 'p':
2e8db779
JH
1428 {
1429 void * ptr;
f3ebb786 1430 if ((need = g->ptr + 24) > lim)
1100a343 1431 {
f3ebb786
JH
1432 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1433 gstring_grow(g, 24);
1100a343
JH
1434 lim = g->size - 1;
1435 gp = CS g->s + g->ptr;
1436 }
81f358da
JH
1437 /* sprintf() saying "(nil)" for a null pointer seems unreliable.
1438 Handle it explicitly. */
2e8db779
JH
1439 if ((ptr = va_arg(ap, void *)))
1440 {
1441 strncpy(newformat, item_start, fp - item_start);
1442 newformat[fp - item_start] = 0;
d12746bc 1443 g->ptr += sprintf(gp, newformat, ptr);
2e8db779
JH
1444 }
1445 else
d12746bc 1446 g->ptr += sprintf(gp, "(nil)");
2e8db779 1447 }
059ec3d9
PH
1448 break;
1449
1450 /* %f format is inherently insecure if the numbers that it may be
870f6ba8
TF
1451 handed are unknown (e.g. 1e300). However, in Exim, %f is used for
1452 printing load averages, and these are actually stored as integers
1453 (load average * 1000) so the size of the numbers is constrained.
1454 It is also used for formatting sending rates, where the simplicity
1455 of the format prevents overflow. */
059ec3d9
PH
1456
1457 case 'f':
1458 case 'e':
1459 case 'E':
1460 case 'g':
1461 case 'G':
d12746bc 1462 if (precision < 0) precision = 6;
f3ebb786 1463 if ((need = g->ptr + precision + 8) > lim)
1100a343 1464 {
f3ebb786
JH
1465 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1466 gstring_grow(g, precision+8);
1100a343
JH
1467 lim = g->size - 1;
1468 gp = CS g->s + g->ptr;
1469 }
d12746bc
JH
1470 strncpy(newformat, item_start, fp - item_start);
1471 newformat[fp-item_start] = 0;
1472 if (length == L_LONGDOUBLE)
1473 g->ptr += sprintf(gp, newformat, va_arg(ap, long double));
1474 else
1475 g->ptr += sprintf(gp, newformat, va_arg(ap, double));
1476 break;
059ec3d9
PH
1477
1478 /* String types */
1479
1480 case '%':
f3ebb786 1481 if ((need = g->ptr + 1) > lim)
1100a343 1482 {
f3ebb786
JH
1483 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1484 gstring_grow(g, 1);
1100a343
JH
1485 lim = g->size - 1;
1486 }
d12746bc
JH
1487 g->s[g->ptr++] = (uschar) '%';
1488 break;
059ec3d9
PH
1489
1490 case 'c':
f3ebb786 1491 if ((need = g->ptr + 1) > lim)
1100a343 1492 {
f3ebb786
JH
1493 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1494 gstring_grow(g, 1);
1100a343
JH
1495 lim = g->size - 1;
1496 }
d12746bc
JH
1497 g->s[g->ptr++] = (uschar) va_arg(ap, int);
1498 break;
059ec3d9 1499
f1e5fef5 1500 case 'D': /* Insert daily datestamp for log file names */
d12746bc
JH
1501 s = CS tod_stamp(tod_log_datestamp_daily);
1502 string_datestamp_offset = g->ptr; /* Passed back via global */
1503 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1504 string_datestamp_type = tod_log_datestamp_daily;
1505 slen = string_datestamp_length;
1506 goto INSERT_STRING;
f1e5fef5
PP
1507
1508 case 'M': /* Insert monthly datestamp for log file names */
d12746bc
JH
1509 s = CS tod_stamp(tod_log_datestamp_monthly);
1510 string_datestamp_offset = g->ptr; /* Passed back via global */
1511 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1512 string_datestamp_type = tod_log_datestamp_monthly;
1513 slen = string_datestamp_length;
1514 goto INSERT_STRING;
059ec3d9
PH
1515
1516 case 's':
1517 case 'S': /* Forces *lower* case */
c0b9d3e8 1518 case 'T': /* Forces *upper* case */
d12746bc 1519 s = va_arg(ap, char *);
059ec3d9 1520
d12746bc
JH
1521 if (!s) s = null;
1522 slen = Ustrlen(s);
059ec3d9 1523
f3ebb786
JH
1524 if (!(flags & SVFMT_TAINT_NOCHK) && !dest_tainted && is_tainted(s))
1525 if (flags & SVFMT_REBUFFER)
1526 {
1527 gstring_rebuffer(g);
1528 gp = CS g->s + g->ptr;
1529 dest_tainted = TRUE;
1530 }
aaabfafe 1531#ifndef MACRO_PREDEF
f3ebb786
JH
1532 else
1533 die_tainted(US"string_vformat", func, line);
aaabfafe 1534#endif
f3ebb786 1535
f1e5fef5
PP
1536 INSERT_STRING: /* Come to from %D or %M above */
1537
059ec3d9 1538 {
d12746bc 1539 BOOL truncated = FALSE;
059ec3d9 1540
d12746bc
JH
1541 /* If the width is specified, check that there is a precision
1542 set; if not, set it to the width to prevent overruns of long
1543 strings. */
059ec3d9 1544
d12746bc
JH
1545 if (width >= 0)
1546 {
1547 if (precision < 0) precision = width;
1548 }
059ec3d9 1549
d12746bc
JH
1550 /* If a width is not specified and the precision is specified, set
1551 the width to the precision, or the string length if shorted. */
059ec3d9 1552
d12746bc
JH
1553 else if (precision >= 0)
1554 width = precision < slen ? precision : slen;
059ec3d9 1555
d12746bc 1556 /* If neither are specified, set them both to the string length. */
059ec3d9 1557
d12746bc
JH
1558 else
1559 width = precision = slen;
1560
f3ebb786 1561 if ((need = g->ptr + width) >= size_limit || !(flags & SVFMT_EXTEND))
d12746bc
JH
1562 {
1563 if (g->ptr == lim) return NULL;
f3ebb786 1564 if (need > lim)
d12746bc
JH
1565 {
1566 truncated = TRUE;
1567 width = precision = lim - g->ptr - 1;
1568 if (width < 0) width = 0;
1569 if (precision < 0) precision = 0;
1570 }
1571 }
f3ebb786 1572 else if (need > lim)
1100a343 1573 {
f3ebb786 1574 gstring_grow(g, width);
1100a343
JH
1575 lim = g->size - 1;
1576 gp = CS g->s + g->ptr;
1577 }
d12746bc
JH
1578
1579 g->ptr += sprintf(gp, "%*.*s", width, precision, s);
1580 if (fp[-1] == 'S')
1581 while (*gp) { *gp = tolower(*gp); gp++; }
1582 else if (fp[-1] == 'T')
1583 while (*gp) { *gp = toupper(*gp); gp++; }
1584
1585 if (truncated) return NULL;
1586 break;
059ec3d9 1587 }
059ec3d9
PH
1588
1589 /* Some things are never used in Exim; also catches junk. */
1590
1591 default:
d12746bc
JH
1592 strncpy(newformat, item_start, fp - item_start);
1593 newformat[fp-item_start] = 0;
1594 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "string_format: unsupported type "
1595 "in \"%s\" in \"%s\"", newformat, format);
1596 break;
059ec3d9
PH
1597 }
1598 }
1599
f3ebb786
JH
1600if (g->ptr > g->size)
1601 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1602 "string_format internal error: caller %s %d", func, line);
d12746bc
JH
1603return g;
1604}
059ec3d9 1605
059ec3d9 1606
d12746bc
JH
1607
1608#ifndef COMPILE_UTILITY
059ec3d9
PH
1609/*************************************************
1610* Generate an "open failed" message *
1611*************************************************/
1612
1613/* This function creates a message after failure to open a file. It includes a
1614string supplied as data, adds the strerror() text, and if the failure was
1615"Permission denied", reads and includes the euid and egid.
1616
1617Arguments:
1618 eno the value of errno after the failure
1619 format a text format string - deliberately not uschar *
1620 ... arguments for the format string
1621
1622Returns: a message, in dynamic store
1623*/
1624
1625uschar *
f3ebb786
JH
1626string_open_failed_trc(int eno, const uschar * func, unsigned line,
1627 const char *format, ...)
059ec3d9
PH
1628{
1629va_list ap;
d12746bc 1630gstring * g = string_get(1024);
059ec3d9 1631
d12746bc 1632g = string_catn(g, US"failed to open ", 15);
059ec3d9
PH
1633
1634/* Use the checked formatting routine to ensure that the buffer
1635does not overflow. It should not, since this is called only for internally
1636specified messages. If it does, the message just gets truncated, and there
1637doesn't seem much we can do about that. */
1638
d12746bc 1639va_start(ap, format);
f3ebb786 1640(void) string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE,
ba74fb8d 1641 SVFMT_REBUFFER, format, ap);
d12746bc 1642string_from_gstring(g);
e59797e3 1643gstring_release_unused(g);
cb570b5e 1644va_end(ap);
059ec3d9 1645
d12746bc
JH
1646return eno == EACCES
1647 ? string_sprintf("%s: %s (euid=%ld egid=%ld)", g->s, strerror(eno),
1648 (long int)geteuid(), (long int)getegid())
1649 : string_sprintf("%s: %s", g->s, strerror(eno));
059ec3d9
PH
1650}
1651#endif /* COMPILE_UTILITY */
1652
1653
1654
059ec3d9
PH
1655
1656
bc3c7bb7
HSHR
1657#ifndef COMPILE_UTILITY
1658/* qsort(3), currently used to sort the environment variables
1659for -bP environment output, needs a function to compare two pointers to string
1660pointers. Here it is. */
1661
1662int
84bbb4d8 1663string_compare_by_pointer(const void *a, const void *b)
bc3c7bb7 1664{
35a5627d 1665return Ustrcmp(* CUSS a, * CUSS b);
bc3c7bb7
HSHR
1666}
1667#endif /* COMPILE_UTILITY */
059ec3d9
PH
1668
1669
1670
d12746bc 1671
059ec3d9
PH
1672/*************************************************
1673**************************************************
1674* Stand-alone test program *
1675**************************************************
1676*************************************************/
1677
1678#ifdef STAND_ALONE
1679int main(void)
1680{
1681uschar buffer[256];
1682
1683printf("Testing is_ip_address\n");
1684
1685while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1686 {
1687 int offset;
1688 buffer[Ustrlen(buffer) - 1] = 0;
1689 printf("%d\n", string_is_ip_address(buffer, NULL));
1690 printf("%d %d %s\n", string_is_ip_address(buffer, &offset), offset, buffer);
1691 }
1692
1693printf("Testing string_nextinlist\n");
1694
1695while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1696 {
1697 uschar *list = buffer;
1698 uschar *lp1, *lp2;
1699 uschar item[256];
1700 int sep1 = 0;
1701 int sep2 = 0;
1702
1703 if (*list == '<')
1704 {
1705 sep1 = sep2 = list[1];
1706 list += 2;
1707 }
1708
1709 lp1 = lp2 = list;
1710 for (;;)
1711 {
1712 uschar *item1 = string_nextinlist(&lp1, &sep1, item, sizeof(item));
1713 uschar *item2 = string_nextinlist(&lp2, &sep2, NULL, 0);
1714
1715 if (item1 == NULL && item2 == NULL) break;
1716 if (item == NULL || item2 == NULL || Ustrcmp(item1, item2) != 0)
1717 {
1718 printf("***ERROR\nitem1=\"%s\"\nitem2=\"%s\"\n",
1719 (item1 == NULL)? "NULL" : CS item1,
1720 (item2 == NULL)? "NULL" : CS item2);
1721 break;
1722 }
1723 else printf(" \"%s\"\n", CS item1);
1724 }
1725 }
1726
1727/* This is a horrible lash-up, but it serves its purpose. */
1728
1729printf("Testing string_format\n");
1730
1731while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1732 {
1733 void *args[3];
ed72ace5 1734 long long llargs[3];
059ec3d9
PH
1735 double dargs[3];
1736 int dflag = 0;
ed72ace5 1737 int llflag = 0;
059ec3d9
PH
1738 int n = 0;
1739 int count;
1740 int countset = 0;
1741 uschar format[256];
1742 uschar outbuf[256];
1743 uschar *s;
1744 buffer[Ustrlen(buffer) - 1] = 0;
1745
1746 s = Ustrchr(buffer, ',');
1747 if (s == NULL) s = buffer + Ustrlen(buffer);
1748
1749 Ustrncpy(format, buffer, s - buffer);
1750 format[s-buffer] = 0;
1751
1752 if (*s == ',') s++;
1753
1754 while (*s != 0)
1755 {
1756 uschar *ss = s;
1757 s = Ustrchr(ss, ',');
1758 if (s == NULL) s = ss + Ustrlen(ss);
1759
1760 if (isdigit(*ss))
1761 {
1762 Ustrncpy(outbuf, ss, s-ss);
1763 if (Ustrchr(outbuf, '.') != NULL)
1764 {
1765 dflag = 1;
1766 dargs[n++] = Ustrtod(outbuf, NULL);
1767 }
ed72ace5
PH
1768 else if (Ustrstr(outbuf, "ll") != NULL)
1769 {
1770 llflag = 1;
1771 llargs[n++] = strtoull(CS outbuf, NULL, 10);
1772 }
059ec3d9
PH
1773 else
1774 {
1775 args[n++] = (void *)Uatoi(outbuf);
1776 }
1777 }
1778
1779 else if (Ustrcmp(ss, "*") == 0)
1780 {
1781 args[n++] = (void *)(&count);
1782 countset = 1;
1783 }
1784
1785 else
1786 {
1787 uschar *sss = malloc(s - ss + 1);
1788 Ustrncpy(sss, ss, s-ss);
1789 args[n++] = sss;
1790 }
1791
1792 if (*s == ',') s++;
1793 }
1794
ed72ace5
PH
1795 if (!dflag && !llflag)
1796 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1797 args[0], args[1], args[2])? "True" : "False");
1798
1799 else if (dflag)
1800 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1801 dargs[0], dargs[1], dargs[2])? "True" : "False");
059ec3d9
PH
1802
1803 else printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
ed72ace5 1804 llargs[0], llargs[1], llargs[2])? "True" : "False");
059ec3d9
PH
1805
1806 printf("%s\n", CS outbuf);
1807 if (countset) printf("count=%d\n", count);
1808 }
1809
1810return 0;
1811}
1812#endif
1813
1814/* End of string.c */