Eximon: fix string-handling. Bug 2500
[exim.git] / src / src / string.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8/* Miscellaneous string-handling functions. Some are not required for
9utilities and tests, and are cut out by the COMPILE_UTILITY macro. */
10
11
12#include "exim.h"
d12746bc 13#include <assert.h>
059ec3d9 14
f3ebb786 15static void gstring_rebuffer(gstring * g);
059ec3d9
PH
16
17#ifndef COMPILE_UTILITY
18/*************************************************
19* Test for IP address *
20*************************************************/
21
22/* This used just to be a regular expression, but with IPv6 things are a bit
23more complicated. If the address contains a colon, it is assumed to be a v6
24address (assuming HAVE_IPV6 is set). If a mask is permitted and one is present,
25and maskptr is not NULL, its offset is placed there.
26
27Arguments:
28 s a string
29 maskptr NULL if no mask is permitted to follow
30 otherwise, points to an int where the offset of '/' is placed
1688f43b 31 if there is no / followed by trailing digits, *maskptr is set 0
059ec3d9
PH
32
33Returns: 0 if the string is not a textual representation of an IP address
34 4 if it is an IPv4 address
35 6 if it is an IPv6 address
36*/
37
38int
b1f8e4f8 39string_is_ip_address(const uschar *s, int *maskptr)
059ec3d9 40{
059ec3d9
PH
41int yield = 4;
42
43/* If an optional mask is permitted, check for it. If found, pass back the
44offset. */
45
8d909960 46if (maskptr)
059ec3d9 47 {
b1f8e4f8 48 const uschar *ss = s + Ustrlen(s);
059ec3d9
PH
49 *maskptr = 0;
50 if (s != ss && isdigit(*(--ss)))
51 {
52 while (ss > s && isdigit(ss[-1])) ss--;
53 if (ss > s && *(--ss) == '/') *maskptr = ss - s;
54 }
55 }
56
57/* A colon anywhere in the string => IPv6 address */
58
59if (Ustrchr(s, ':') != NULL)
60 {
61 BOOL had_double_colon = FALSE;
62 BOOL v4end = FALSE;
059ec3d9
PH
63
64 yield = 6;
65
66 /* An IPv6 address must start with hex digit or double colon. A single
67 colon is invalid. */
68
69 if (*s == ':' && *(++s) != ':') return 0;
70
71 /* Now read up to 8 components consisting of up to 4 hex digits each. There
72 may be one and only one appearance of double colon, which implies any number
73 of binary zero bits. The number of preceding components is held in count. */
74
d7978c0f 75 for (int count = 0; count < 8; count++)
059ec3d9
PH
76 {
77 /* If the end of the string is reached before reading 8 components, the
78 address is valid provided a double colon has been read. This also applies
79 if we hit the / that introduces a mask or the % that introduces the
80 interface specifier (scope id) of a link-local address. */
81
8d909960 82 if (*s == 0 || *s == '%' || *s == '/') return had_double_colon ? yield : 0;
059ec3d9
PH
83
84 /* If a component starts with an additional colon, we have hit a double
85 colon. This is permitted to appear once only, and counts as at least
86 one component. The final component may be of this form. */
87
88 if (*s == ':')
89 {
90 if (had_double_colon) return 0;
91 had_double_colon = TRUE;
92 s++;
93 continue;
94 }
95
96 /* If the remainder of the string contains a dot but no colons, we
97 can expect a trailing IPv4 address. This is valid if either there has
98 been no double-colon and this is the 7th component (with the IPv4 address
99 being the 7th & 8th components), OR if there has been a double-colon
100 and fewer than 6 components. */
101
102 if (Ustrchr(s, ':') == NULL && Ustrchr(s, '.') != NULL)
103 {
104 if ((!had_double_colon && count != 6) ||
105 (had_double_colon && count > 6)) return 0;
106 v4end = TRUE;
107 yield = 6;
108 break;
109 }
110
111 /* Check for at least one and not more than 4 hex digits for this
112 component. */
113
114 if (!isxdigit(*s++)) return 0;
115 if (isxdigit(*s) && isxdigit(*(++s)) && isxdigit(*(++s))) s++;
116
117 /* If the component is terminated by colon and there is more to
118 follow, skip over the colon. If there is no more to follow the address is
119 invalid. */
120
121 if (*s == ':' && *(++s) == 0) return 0;
122 }
123
124 /* If about to handle a trailing IPv4 address, drop through. Otherwise
125 all is well if we are at the end of the string or at the mask or at a percent
126 sign, which introduces the interface specifier (scope id) of a link local
127 address. */
128
1688f43b
PH
129 if (!v4end)
130 return (*s == 0 || *s == '%' ||
131 (*s == '/' && maskptr != NULL && *maskptr != 0))? yield : 0;
059ec3d9
PH
132 }
133
134/* Test for IPv4 address, which may be the tail-end of an IPv6 address. */
135
d7978c0f 136for (int i = 0; i < 4; i++)
059ec3d9 137 {
8d909960
JH
138 long n;
139 uschar * end;
140
059ec3d9 141 if (i != 0 && *s++ != '.') return 0;
8d909960
JH
142 n = strtol(CCS s, CSS &end, 10);
143 if (n > 255 || n < 0 || end <= s || end > s+3) return 0;
144 s = end;
059ec3d9
PH
145 }
146
8d909960 147return !*s || (*s == '/' && maskptr && *maskptr != 0) ? yield : 0;
059ec3d9
PH
148}
149#endif /* COMPILE_UTILITY */
150
151
152/*************************************************
153* Format message size *
154*************************************************/
155
156/* Convert a message size in bytes to printing form, rounding
157according to the magnitude of the number. A value of zero causes
158a string of spaces to be returned.
159
160Arguments:
161 size the message size in bytes
162 buffer where to put the answer
163
164Returns: pointer to the buffer
165 a string of exactly 5 characters is normally returned
166*/
167
168uschar *
169string_format_size(int size, uschar *buffer)
170{
f3ebb786 171if (size == 0) Ustrcpy(buffer, US" ");
059ec3d9
PH
172else if (size < 1024) sprintf(CS buffer, "%5d", size);
173else if (size < 10*1024)
174 sprintf(CS buffer, "%4.1fK", (double)size / 1024.0);
175else if (size < 1024*1024)
176 sprintf(CS buffer, "%4dK", (size + 512)/1024);
177else if (size < 10*1024*1024)
178 sprintf(CS buffer, "%4.1fM", (double)size / (1024.0 * 1024.0));
179else
180 sprintf(CS buffer, "%4dM", (size + 512 * 1024)/(1024*1024));
181return buffer;
182}
183
184
185
186#ifndef COMPILE_UTILITY
187/*************************************************
188* Convert a number to base 62 format *
189*************************************************/
190
191/* Convert a long integer into an ASCII base 62 string. For Cygwin the value of
192BASE_62 is actually 36. Always return exactly 6 characters plus zero, in a
193static area.
194
195Argument: a long integer
196Returns: pointer to base 62 string
197*/
198
199uschar *
200string_base62(unsigned long int value)
201{
202static uschar yield[7];
203uschar *p = yield + sizeof(yield) - 1;
204*p = 0;
205while (p > yield)
206 {
207 *(--p) = base62_chars[value % BASE_62];
208 value /= BASE_62;
209 }
210return yield;
211}
212#endif /* COMPILE_UTILITY */
213
214
215
059ec3d9
PH
216/*************************************************
217* Interpret escape sequence *
218*************************************************/
219
220/* This function is called from several places where escape sequences are to be
221interpreted in strings.
222
223Arguments:
224 pp points a pointer to the initiating "\" in the string;
225 the pointer gets updated to point to the final character
c3aefacc
HSHR
226 If the backslash is the last character in the string, it
227 is not interpreted.
059ec3d9
PH
228Returns: the value of the character escape
229*/
230
231int
55414b25 232string_interpret_escape(const uschar **pp)
059ec3d9 233{
3fb3c68d
JH
234#ifdef COMPILE_UTILITY
235const uschar *hex_digits= CUS"0123456789abcdef";
236#endif
059ec3d9 237int ch;
55414b25 238const uschar *p = *pp;
059ec3d9 239ch = *(++p);
c3aefacc 240if (ch == '\0') return **pp;
059ec3d9
PH
241if (isdigit(ch) && ch != '8' && ch != '9')
242 {
243 ch -= '0';
244 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
245 {
246 ch = ch * 8 + *(++p) - '0';
247 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
248 ch = ch * 8 + *(++p) - '0';
249 }
250 }
251else switch(ch)
252 {
c7396ac5
PP
253 case 'b': ch = '\b'; break;
254 case 'f': ch = '\f'; break;
059ec3d9
PH
255 case 'n': ch = '\n'; break;
256 case 'r': ch = '\r'; break;
257 case 't': ch = '\t'; break;
c7396ac5 258 case 'v': ch = '\v'; break;
059ec3d9
PH
259 case 'x':
260 ch = 0;
261 if (isxdigit(p[1]))
262 {
263 ch = ch * 16 +
264 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
265 if (isxdigit(p[1])) ch = ch * 16 +
266 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
267 }
268 break;
269 }
270*pp = p;
271return ch;
272}
059ec3d9
PH
273
274
275
276#ifndef COMPILE_UTILITY
277/*************************************************
278* Ensure string is printable *
279*************************************************/
280
281/* This function is called for critical strings. It checks for any
282non-printing characters, and if any are found, it makes a new copy
283of the string with suitable escape sequences. It is most often called by the
284macro string_printing(), which sets allow_tab TRUE.
285
286Arguments:
287 s the input string
288 allow_tab TRUE to allow tab as a printing character
289
290Returns: string with non-printers encoded as printing sequences
291*/
292
55414b25
JH
293const uschar *
294string_printing2(const uschar *s, BOOL allow_tab)
059ec3d9
PH
295{
296int nonprintcount = 0;
297int length = 0;
55414b25 298const uschar *t = s;
059ec3d9
PH
299uschar *ss, *tt;
300
301while (*t != 0)
302 {
303 int c = *t++;
304 if (!mac_isprint(c) || (!allow_tab && c == '\t')) nonprintcount++;
305 length++;
306 }
307
308if (nonprintcount == 0) return s;
309
310/* Get a new block of store guaranteed big enough to hold the
311expanded string. */
312
f3ebb786 313ss = store_get(length + nonprintcount * 3 + 1, is_tainted(s));
059ec3d9 314
4c04137d 315/* Copy everything, escaping non printers. */
059ec3d9
PH
316
317t = s;
318tt = ss;
319
320while (*t != 0)
321 {
322 int c = *t;
323 if (mac_isprint(c) && (allow_tab || c != '\t')) *tt++ = *t++; else
324 {
325 *tt++ = '\\';
326 switch (*t)
327 {
328 case '\n': *tt++ = 'n'; break;
329 case '\r': *tt++ = 'r'; break;
330 case '\b': *tt++ = 'b'; break;
331 case '\v': *tt++ = 'v'; break;
332 case '\f': *tt++ = 'f'; break;
333 case '\t': *tt++ = 't'; break;
334 default: sprintf(CS tt, "%03o", *t); tt += 3; break;
335 }
336 t++;
337 }
338 }
339*tt = 0;
340return ss;
341}
79fe97d8
PP
342#endif /* COMPILE_UTILITY */
343
c7396ac5
PP
344/*************************************************
345* Undo printing escapes in string *
346*************************************************/
347
348/* This function is the reverse of string_printing2. It searches for
349backslash characters and if any are found, it makes a new copy of the
350string with escape sequences parsed. Otherwise it returns the original
351string.
352
353Arguments:
354 s the input string
355
356Returns: string with printing escapes parsed back
357*/
358
359uschar *
360string_unprinting(uschar *s)
361{
362uschar *p, *q, *r, *ss;
363int len, off;
364
365p = Ustrchr(s, '\\');
366if (!p) return s;
367
368len = Ustrlen(s) + 1;
f3ebb786 369ss = store_get(len, is_tainted(s));
c7396ac5
PP
370
371q = ss;
372off = p - s;
373if (off)
374 {
375 memcpy(q, s, off);
376 q += off;
377 }
378
379while (*p)
380 {
381 if (*p == '\\')
382 {
55414b25 383 *q++ = string_interpret_escape((const uschar **)&p);
823ad74f 384 p++;
c7396ac5
PP
385 }
386 else
387 {
388 r = Ustrchr(p, '\\');
389 if (!r)
390 {
391 off = Ustrlen(p);
392 memcpy(q, p, off);
393 p += off;
394 q += off;
395 break;
396 }
397 else
398 {
399 off = r - p;
400 memcpy(q, p, off);
401 q += off;
402 p = r;
403 }
404 }
405 }
406*q = '\0';
407
408return ss;
409}
059ec3d9
PH
410
411
412
413
bf13aee1
JH
414#if (defined(HAVE_LOCAL_SCAN) || defined(EXPAND_DLFUNC)) \
415 && !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
059ec3d9
PH
416/*************************************************
417* Copy and save string *
418*************************************************/
419
f3ebb786 420/*
059ec3d9 421Argument: string to copy
f3ebb786 422Returns: copy of string in new store with the same taint status
059ec3d9
PH
423*/
424
425uschar *
e59797e3 426string_copy_function(const uschar *s)
059ec3d9 427{
f3ebb786
JH
428return string_copy_taint(s, is_tainted(s));
429}
430
431/* This function assumes that memcpy() is faster than strcpy().
432As above, but explicitly specifying the result taint status
433*/
434
435uschar *
d48326c0 436string_copy_taint_function(const uschar * s, BOOL tainted)
f3ebb786 437{
059ec3d9 438int len = Ustrlen(s) + 1;
f3ebb786 439uschar *ss = store_get(len, tainted);
059ec3d9
PH
440memcpy(ss, s, len);
441return ss;
442}
443
444
f3ebb786 445
059ec3d9
PH
446/*************************************************
447* Copy and save string, given length *
448*************************************************/
449
450/* It is assumed the data contains no zeros. A zero is added
451onto the end.
452
453Arguments:
454 s string to copy
455 n number of characters
456
457Returns: copy of string in new store
458*/
459
460uschar *
e59797e3 461string_copyn_function(const uschar *s, int n)
059ec3d9 462{
f3ebb786 463uschar *ss = store_get(n + 1, is_tainted(s));
059ec3d9
PH
464Ustrncpy(ss, s, n);
465ss[n] = 0;
466return ss;
467}
e59797e3 468#endif
059ec3d9
PH
469
470
471/*************************************************
e59797e3 472* Copy and save string in malloc'd store *
059ec3d9
PH
473*************************************************/
474
e59797e3 475/* This function assumes that memcpy() is faster than strcpy().
059ec3d9 476
e59797e3
JH
477Argument: string to copy
478Returns: copy of string in new store
059ec3d9
PH
479*/
480
481uschar *
e59797e3 482string_copy_malloc(const uschar *s)
059ec3d9 483{
e59797e3
JH
484int len = Ustrlen(s) + 1;
485uschar *ss = store_malloc(len);
486memcpy(ss, s, len);
059ec3d9
PH
487return ss;
488}
489
490
491
492/*************************************************
e28326d8
PH
493* Copy string if long, inserting newlines *
494*************************************************/
495
496/* If the given string is longer than 75 characters, it is copied, and within
497the copy, certain space characters are converted into newlines.
498
499Argument: pointer to the string
500Returns: pointer to the possibly altered string
501*/
502
503uschar *
504string_split_message(uschar *msg)
505{
506uschar *s, *ss;
507
508if (msg == NULL || Ustrlen(msg) <= 75) return msg;
509s = ss = msg = string_copy(msg);
510
511for (;;)
512 {
513 int i = 0;
514 while (i < 75 && *ss != 0 && *ss != '\n') ss++, i++;
515 if (*ss == 0) break;
516 if (*ss == '\n')
517 s = ++ss;
518 else
519 {
520 uschar *t = ss + 1;
521 uschar *tt = NULL;
522 while (--t > s + 35)
523 {
524 if (*t == ' ')
525 {
526 if (t[-1] == ':') { tt = t; break; }
527 if (tt == NULL) tt = t;
528 }
529 }
530
531 if (tt == NULL) /* Can't split behind - try ahead */
532 {
533 t = ss + 1;
534 while (*t != 0)
535 {
536 if (*t == ' ' || *t == '\n')
537 { tt = t; break; }
538 t++;
539 }
540 }
541
542 if (tt == NULL) break; /* Can't find anywhere to split */
543 *tt = '\n';
544 s = ss = tt+1;
545 }
546 }
547
548return msg;
549}
550
551
552
553/*************************************************
059ec3d9
PH
554* Copy returned DNS domain name, de-escaping *
555*************************************************/
556
557/* If a domain name contains top-bit characters, some resolvers return
558the fully qualified name with those characters turned into escapes. The
559convention is a backslash followed by _decimal_ digits. We convert these
560back into the original binary values. This will be relevant when
561allow_utf8_domains is set true and UTF-8 characters are used in domain
562names. Backslash can also be used to escape other characters, though we
563shouldn't come across them in domain names.
564
565Argument: the domain name string
566Returns: copy of string in new store, de-escaped
567*/
568
569uschar *
570string_copy_dnsdomain(uschar *s)
571{
572uschar *yield;
f3ebb786 573uschar *ss = yield = store_get(Ustrlen(s) + 1, is_tainted(s));
059ec3d9
PH
574
575while (*s != 0)
576 {
577 if (*s != '\\')
578 {
579 *ss++ = *s++;
580 }
581 else if (isdigit(s[1]))
582 {
583 *ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0';
584 s += 4;
585 }
586 else if (*(++s) != 0)
587 {
588 *ss++ = *s++;
589 }
590 }
591
592*ss = 0;
593return yield;
594}
595
596
597#ifndef COMPILE_UTILITY
598/*************************************************
599* Copy space-terminated or quoted string *
600*************************************************/
601
602/* This function copies from a string until its end, or until whitespace is
603encountered, unless the string begins with a double quote, in which case the
604terminating quote is sought, and escaping within the string is done. The length
605of a de-quoted string can be no longer than the original, since escaping always
606turns n characters into 1 character.
607
608Argument: pointer to the pointer to the first character, which gets updated
609Returns: the new string
610*/
611
612uschar *
55414b25 613string_dequote(const uschar **sptr)
059ec3d9 614{
55414b25 615const uschar *s = *sptr;
059ec3d9
PH
616uschar *t, *yield;
617
618/* First find the end of the string */
619
620if (*s != '\"')
059ec3d9 621 while (*s != 0 && !isspace(*s)) s++;
059ec3d9
PH
622else
623 {
624 s++;
8c513105 625 while (*s && *s != '\"')
059ec3d9
PH
626 {
627 if (*s == '\\') (void)string_interpret_escape(&s);
628 s++;
629 }
8c513105 630 if (*s) s++;
059ec3d9
PH
631 }
632
633/* Get enough store to copy into */
634
f3ebb786 635t = yield = store_get(s - *sptr + 1, is_tainted(*sptr));
059ec3d9
PH
636s = *sptr;
637
638/* Do the copy */
639
640if (*s != '\"')
059ec3d9 641 while (*s != 0 && !isspace(*s)) *t++ = *s++;
059ec3d9
PH
642else
643 {
644 s++;
645 while (*s != 0 && *s != '\"')
646 {
f3ebb786 647 *t++ = *s == '\\' ? string_interpret_escape(&s) : *s;
059ec3d9
PH
648 s++;
649 }
f3ebb786 650 if (*s) s++;
059ec3d9
PH
651 }
652
653/* Update the pointer and return the terminated copy */
654
655*sptr = s;
656*t = 0;
657return yield;
658}
659#endif /* COMPILE_UTILITY */
660
661
662
663/*************************************************
664* Format a string and save it *
665*************************************************/
666
94759fce 667/* The formatting is done by string_vformat, which checks the length of
13e70f55 668everything. Taint is taken from the worst of the arguments.
059ec3d9
PH
669
670Arguments:
671 format a printf() format - deliberately char * rather than uschar *
672 because it will most usually be a literal string
673 ... arguments for format
674
675Returns: pointer to fresh piece of store containing sprintf'ed string
676*/
677
678uschar *
f3ebb786 679string_sprintf_trc(const char *format, const uschar * func, unsigned line, ...)
059ec3d9 680{
8aa16eb7
JH
681#ifdef COMPILE_UTILITY
682uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
683gstring gs = { .size = STRING_SPRINTF_BUFFER_SIZE, .ptr = 0, .s = buffer };
684gstring * g = &gs;
685unsigned flags = 0;
686#else
687gstring * g = NULL;
688unsigned flags = SVFMT_REBUFFER|SVFMT_EXTEND;
689#endif
d12746bc 690
8aa16eb7 691va_list ap;
f3ebb786 692va_start(ap, line);
8aa16eb7
JH
693g = string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE,
694 flags, format, ap);
059ec3d9 695va_end(ap);
d12746bc 696
f3ebb786 697if (!g)
d12746bc
JH
698 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
699 "string_sprintf expansion was longer than %d; format string was (%s)\n"
f3ebb786
JH
700 " called from %s %d\n",
701 STRING_SPRINTF_BUFFER_SIZE, format, func, line);
d12746bc 702
8aa16eb7
JH
703#ifdef COMPILE_UTILITY
704return string_copyn(g->s, g->ptr);
705#else
f3ebb786
JH
706gstring_release_unused(g);
707return string_from_gstring(g);
8aa16eb7 708#endif
059ec3d9
PH
709}
710
711
712
713/*************************************************
714* Case-independent strncmp() function *
715*************************************************/
716
717/*
718Arguments:
719 s first string
720 t second string
721 n number of characters to compare
722
723Returns: < 0, = 0, or > 0, according to the comparison
724*/
725
726int
1ba28e2b 727strncmpic(const uschar *s, const uschar *t, int n)
059ec3d9
PH
728{
729while (n--)
730 {
731 int c = tolower(*s++) - tolower(*t++);
732 if (c) return c;
733 }
734return 0;
735}
736
737
738/*************************************************
739* Case-independent strcmp() function *
740*************************************************/
741
742/*
743Arguments:
744 s first string
745 t second string
746
747Returns: < 0, = 0, or > 0, according to the comparison
748*/
749
750int
1ba28e2b 751strcmpic(const uschar *s, const uschar *t)
059ec3d9
PH
752{
753while (*s != 0)
754 {
755 int c = tolower(*s++) - tolower(*t++);
756 if (c != 0) return c;
757 }
758return *t;
759}
760
761
762/*************************************************
763* Case-independent strstr() function *
764*************************************************/
765
766/* The third argument specifies whether whitespace is required
767to follow the matched string.
768
769Arguments:
770 s string to search
771 t substring to search for
772 space_follows if TRUE, match only if whitespace follows
773
774Returns: pointer to substring in string, or NULL if not found
775*/
776
777uschar *
778strstric(uschar *s, uschar *t, BOOL space_follows)
779{
780uschar *p = t;
781uschar *yield = NULL;
782int cl = tolower(*p);
783int cu = toupper(*p);
784
785while (*s)
786 {
787 if (*s == cl || *s == cu)
788 {
789 if (yield == NULL) yield = s;
790 if (*(++p) == 0)
791 {
792 if (!space_follows || s[1] == ' ' || s[1] == '\n' ) return yield;
793 yield = NULL;
794 p = t;
795 }
796 cl = tolower(*p);
797 cu = toupper(*p);
798 s++;
799 }
800 else if (yield != NULL)
801 {
802 yield = NULL;
803 p = t;
804 cl = tolower(*p);
805 cu = toupper(*p);
806 }
807 else s++;
808 }
809return NULL;
810}
811
812
813
d12746bc
JH
814#ifdef COMPILE_UTILITY
815/* Dummy version for this function; it should never be called */
816static void
f3ebb786 817gstring_grow(gstring * g, int count)
d12746bc
JH
818{
819assert(FALSE);
820}
821#endif
822
823
824
059ec3d9
PH
825#ifndef COMPILE_UTILITY
826/*************************************************
827* Get next string from separated list *
828*************************************************/
829
830/* Leading and trailing space is removed from each item. The separator in the
831list is controlled by the int pointed to by the separator argument as follows:
832
ec95d1a6
PH
833 If the value is > 0 it is used as the separator. This is typically used for
834 sublists such as slash-separated options. The value is always a printing
835 character.
836
837 (If the value is actually > UCHAR_MAX there is only one item in the list.
059ec3d9
PH
838 This is used for some cases when called via functions that sometimes
839 plough through lists, and sometimes are given single items.)
059ec3d9 840
ec95d1a6
PH
841 If the value is <= 0, the string is inspected for a leading <x, where x is an
842 ispunct() or an iscntrl() character. If found, x is used as the separator. If
843 not found:
844
845 (a) if separator == 0, ':' is used
846 (b) if separator <0, -separator is used
847
848 In all cases the value of the separator that is used is written back to the
849 int so that it is used on subsequent calls as we progress through the list.
850
851A literal ispunct() separator can be represented in an item by doubling, but
852there is no way to include an iscntrl() separator as part of the data.
059ec3d9
PH
853
854Arguments:
855 listptr points to a pointer to the current start of the list; the
856 pointer gets updated to point after the end of the next item
857 separator a pointer to the separator character in an int (see above)
858 buffer where to put a copy of the next string in the list; or
859 NULL if the next string is returned in new memory
860 buflen when buffer is not NULL, the size of buffer; otherwise ignored
861
862Returns: pointer to buffer, containing the next substring,
863 or NULL if no more substrings
864*/
865
866uschar *
55414b25 867string_nextinlist(const uschar **listptr, int *separator, uschar *buffer, int buflen)
059ec3d9 868{
55414b25
JH
869int sep = *separator;
870const uschar *s = *listptr;
ec95d1a6 871BOOL sep_is_special;
059ec3d9 872
8b455685 873if (!s) return NULL;
ec95d1a6
PH
874
875/* This allows for a fixed specified separator to be an iscntrl() character,
876but at the time of implementation, this is never the case. However, it's best
877to be conservative. */
878
879while (isspace(*s) && *s != sep) s++;
880
881/* A change of separator is permitted, so look for a leading '<' followed by an
882allowed character. */
059ec3d9
PH
883
884if (sep <= 0)
885 {
ec95d1a6 886 if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1])))
059ec3d9
PH
887 {
888 sep = s[1];
b72f857f 889 if (*++s) ++s;
ec95d1a6 890 while (isspace(*s) && *s != sep) s++;
059ec3d9
PH
891 }
892 else
8b455685 893 sep = sep ? -sep : ':';
059ec3d9
PH
894 *separator = sep;
895 }
896
ec95d1a6
PH
897/* An empty string has no list elements */
898
8b455685 899if (!*s) return NULL;
059ec3d9 900
ec95d1a6
PH
901/* Note whether whether or not the separator is an iscntrl() character. */
902
903sep_is_special = iscntrl(sep);
904
059ec3d9
PH
905/* Handle the case when a buffer is provided. */
906
617d3932 907if (buffer)
059ec3d9 908 {
d4ff61d1 909 int p = 0;
8b455685 910 for (; *s; s++)
059ec3d9 911 {
ec95d1a6 912 if (*s == sep && (*(++s) != sep || sep_is_special)) break;
059ec3d9
PH
913 if (p < buflen - 1) buffer[p++] = *s;
914 }
915 while (p > 0 && isspace(buffer[p-1])) p--;
8b455685 916 buffer[p] = '\0';
059ec3d9
PH
917 }
918
919/* Handle the case when a buffer is not provided. */
920
921else
922 {
acec9514 923 gstring * g = NULL;
ec95d1a6 924
059ec3d9 925 /* We know that *s != 0 at this point. However, it might be pointing to a
ec95d1a6
PH
926 separator, which could indicate an empty string, or (if an ispunct()
927 character) could be doubled to indicate a separator character as data at the
928 start of a string. Avoid getting working memory for an empty item. */
059ec3d9
PH
929
930 if (*s == sep)
931 {
932 s++;
ec95d1a6
PH
933 if (*s != sep || sep_is_special)
934 {
935 *listptr = s;
936 return string_copy(US"");
937 }
059ec3d9
PH
938 }
939
ec95d1a6
PH
940 /* Not an empty string; the first character is guaranteed to be a data
941 character. */
942
943 for (;;)
059ec3d9 944 {
d7978c0f
JH
945 const uschar * ss;
946 for (ss = s + 1; *ss && *ss != sep; ) ss++;
acec9514 947 g = string_catn(g, s, ss-s);
ec95d1a6 948 s = ss;
8b455685 949 if (!*s || *++s != sep || sep_is_special) break;
059ec3d9 950 }
acec9514
JH
951 while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--;
952 buffer = string_from_gstring(g);
e59797e3 953 gstring_release_unused(g);
059ec3d9
PH
954 }
955
956/* Update the current pointer and return the new string */
957
958*listptr = s;
959return buffer;
960}
059ec3d9
PH
961
962
4226691b
JH
963static const uschar *
964Ustrnchr(const uschar * s, int c, unsigned * len)
965{
966unsigned siz = *len;
967while (siz)
968 {
969 if (!*s) return NULL;
970 if (*s == c)
971 {
972 *len = siz;
973 return s;
974 }
975 s++;
976 siz--;
977 }
978return NULL;
979}
980
981
76146973 982/************************************************
1d9ddac9 983* Add element to separated list *
76146973 984************************************************/
4226691b
JH
985/* This function is used to build a list, returning an allocated null-terminated
986growable string. The given element has any embedded separator characters
76146973
JH
987doubled.
988
4226691b
JH
989Despite having the same growable-string interface as string_cat() the list is
990always returned null-terminated.
991
76146973 992Arguments:
acec9514 993 list expanding-string for the list that is being built, or NULL
76146973 994 if this is a new list that has no contents yet
4c04137d
JS
995 sep list separator character
996 ele new element to be appended to the list
76146973
JH
997
998Returns: pointer to the start of the list, changed if copied for expansion.
999*/
1000
acec9514
JH
1001gstring *
1002string_append_listele(gstring * list, uschar sep, const uschar * ele)
76146973 1003{
76146973
JH
1004uschar * sp;
1005
acec9514
JH
1006if (list && list->ptr)
1007 list = string_catn(list, &sep, 1);
76146973 1008
e3dd1d67 1009while((sp = Ustrchr(ele, sep)))
76146973 1010 {
acec9514
JH
1011 list = string_catn(list, ele, sp-ele+1);
1012 list = string_catn(list, &sep, 1);
76146973
JH
1013 ele = sp+1;
1014 }
acec9514
JH
1015list = string_cat(list, ele);
1016(void) string_from_gstring(list);
4226691b 1017return list;
76146973 1018}
00ba27c5
JH
1019
1020
acec9514
JH
1021gstring *
1022string_append_listele_n(gstring * list, uschar sep, const uschar * ele,
1023 unsigned len)
00ba27c5 1024{
00ba27c5
JH
1025const uschar * sp;
1026
acec9514
JH
1027if (list && list->ptr)
1028 list = string_catn(list, &sep, 1);
00ba27c5
JH
1029
1030while((sp = Ustrnchr(ele, sep, &len)))
1031 {
acec9514
JH
1032 list = string_catn(list, ele, sp-ele+1);
1033 list = string_catn(list, &sep, 1);
00ba27c5
JH
1034 ele = sp+1;
1035 len--;
1036 }
acec9514
JH
1037list = string_catn(list, ele, len);
1038(void) string_from_gstring(list);
4226691b 1039return list;
00ba27c5 1040}
76146973
JH
1041
1042
059ec3d9 1043
bce15b62
JH
1044/* A slightly-bogus listmaker utility; the separator is a string so
1045can be multiple chars - there is no checking for the element content
1046containing any of the separator. */
1047
1048gstring *
1049string_append2_listele_n(gstring * list, const uschar * sepstr,
1050 const uschar * ele, unsigned len)
1051{
bce15b62
JH
1052if (list && list->ptr)
1053 list = string_cat(list, sepstr);
1054
1055list = string_catn(list, ele, len);
1056(void) string_from_gstring(list);
1057return list;
1058}
1059
1060
1061
acec9514 1062/************************************************/
f3ebb786
JH
1063/* Add more space to a growable-string. The caller should check
1064first if growth is required. The gstring struct is modified on
1065return; specifically, the string-base-pointer may have been changed.
d12746bc
JH
1066
1067Arguments:
1068 g the growable-string
f3ebb786 1069 count amount needed for g->ptr to increase by
938593e9
JH
1070*/
1071
1072static void
f3ebb786 1073gstring_grow(gstring * g, int count)
acec9514 1074{
f3ebb786 1075int p = g->ptr;
acec9514 1076int oldsize = g->size;
f3ebb786 1077BOOL tainted = is_tainted(g->s);
acec9514
JH
1078
1079/* Mostly, string_cat() is used to build small strings of a few hundred
1080characters at most. There are times, however, when the strings are very much
1081longer (for example, a lookup that returns a vast number of alias addresses).
1082To try to keep things reasonable, we use increments whose size depends on the
1083existing length of the string. */
1084
1085unsigned inc = oldsize < 4096 ? 127 : 1023;
f3ebb786
JH
1086
1087if (count <= 0) return;
1088g->size = (p + count + inc + 1) & ~inc; /* one for a NUL */
acec9514
JH
1089
1090/* Try to extend an existing allocation. If the result of calling
1091store_extend() is false, either there isn't room in the current memory block,
1092or this string is not the top item on the dynamic store stack. We then have
1093to get a new chunk of store and copy the old string. When building large
1094strings, it is helpful to call store_release() on the old string, to release
1095memory blocks that have become empty. (The block will be freed if the string
1096is at its start.) However, we can do this only if we know that the old string
1097was the last item on the dynamic memory stack. This is the case if it matches
1098store_last_get. */
1099
f3ebb786
JH
1100if (!store_extend(g->s, tainted, oldsize, g->size))
1101 g->s = store_newblock(g->s, tainted, g->size, p);
acec9514
JH
1102}
1103
1104
1105
d12746bc
JH
1106/*************************************************
1107* Add chars to string *
1108*************************************************/
059ec3d9
PH
1109/* This function is used when building up strings of unknown length. Room is
1110always left for a terminating zero to be added to the string that is being
1111built. This function does not require the string that is being added to be NUL
1112terminated, because the number of characters to add is given explicitly. It is
1113sometimes called to extract parts of other strings.
1114
1115Arguments:
1116 string points to the start of the string that is being built, or NULL
1117 if this is a new string that has no contents yet
059ec3d9
PH
1118 s points to characters to add
1119 count count of characters to add; must not exceed the length of s, if s
42055a33 1120 is a C string.
059ec3d9 1121
059ec3d9
PH
1122Returns: pointer to the start of the string, changed if copied for expansion.
1123 Note that a NUL is not added, though space is left for one. This is
1124 because string_cat() is often called multiple times to build up a
1125 string - there's no point adding the NUL till the end.
a1b8a755 1126
059ec3d9 1127*/
96f5fe4c 1128/* coverity[+alloc] */
059ec3d9 1129
acec9514
JH
1130gstring *
1131string_catn(gstring * g, const uschar *s, int count)
059ec3d9 1132{
acec9514 1133int p;
f3ebb786 1134BOOL srctaint = is_tainted(s);
059ec3d9 1135
acec9514 1136if (!g)
059ec3d9 1137 {
acec9514
JH
1138 unsigned inc = count < 4096 ? 127 : 1023;
1139 unsigned size = ((count + inc) & ~inc) + 1;
f3ebb786 1140 g = string_get_tainted(size, srctaint);
059ec3d9 1141 }
f3ebb786
JH
1142else if (srctaint && !is_tainted(g->s))
1143 gstring_rebuffer(g);
059ec3d9 1144
acec9514
JH
1145p = g->ptr;
1146if (p + count >= g->size)
f3ebb786 1147 gstring_grow(g, count);
acec9514 1148
059ec3d9
PH
1149/* Because we always specify the exact number of characters to copy, we can
1150use memcpy(), which is likely to be more efficient than strncopy() because the
acec9514 1151latter has to check for zero bytes. */
059ec3d9 1152
acec9514
JH
1153memcpy(g->s + p, s, count);
1154g->ptr = p + count;
1155return g;
059ec3d9 1156}
c3aefacc
HSHR
1157
1158
acec9514
JH
1159gstring *
1160string_cat(gstring *string, const uschar *s)
c2f669a4 1161{
acec9514 1162return string_catn(string, s, Ustrlen(s));
c2f669a4 1163}
059ec3d9
PH
1164
1165
1166
059ec3d9
PH
1167/*************************************************
1168* Append strings to another string *
1169*************************************************/
1170
1171/* This function can be used to build a string from many other strings.
1172It calls string_cat() to do the dirty work.
1173
1174Arguments:
acec9514 1175 string expanding-string that is being built, or NULL
059ec3d9 1176 if this is a new string that has no contents yet
059ec3d9
PH
1177 count the number of strings to append
1178 ... "count" uschar* arguments, which must be valid zero-terminated
1179 C strings
1180
1181Returns: pointer to the start of the string, changed if copied for expansion.
1182 The string is not zero-terminated - see string_cat() above.
1183*/
1184
acec9514
JH
1185__inline__ gstring *
1186string_append(gstring *string, int count, ...)
059ec3d9
PH
1187{
1188va_list ap;
059ec3d9
PH
1189
1190va_start(ap, count);
acec9514 1191while (count-- > 0)
059ec3d9
PH
1192 {
1193 uschar *t = va_arg(ap, uschar *);
acec9514 1194 string = string_cat(string, t);
059ec3d9
PH
1195 }
1196va_end(ap);
1197
1198return string;
1199}
1200#endif
1201
1202
1203
1204/*************************************************
1205* Format a string with length checks *
1206*************************************************/
1207
1208/* This function is used to format a string with checking of the length of the
1209output for all conversions. It protects Exim from absent-mindedness when
1210calling functions like debug_printf and string_sprintf, and elsewhere. There
1211are two different entry points to what is actually the same function, depending
1212on whether the variable length list of data arguments are given explicitly or
1213as a va_list item.
1214
1215The formats are the usual printf() ones, with some omissions (never used) and
c0b9d3e8 1216three additions for strings: %S forces lower case, %T forces upper case, and
acec9514 1217%#s or %#S prints nothing for a NULL string. Without the # "NULL" is printed
c0b9d3e8
JH
1218(useful in debugging). There is also the addition of %D and %M, which insert
1219the date in the form used for datestamped log files.
059ec3d9
PH
1220
1221Arguments:
1222 buffer a buffer in which to put the formatted string
1223 buflen the length of the buffer
1224 format the format string - deliberately char * and not uschar *
1225 ... or ap variable list of supplementary arguments
1226
1227Returns: TRUE if the result fitted in the buffer
1228*/
1229
1230BOOL
f3ebb786
JH
1231string_format_trc(uschar * buffer, int buflen,
1232 const uschar * func, unsigned line, const char * format, ...)
059ec3d9 1233{
d12746bc 1234gstring g = { .size = buflen, .ptr = 0, .s = buffer }, *gp;
059ec3d9
PH
1235va_list ap;
1236va_start(ap, format);
f3ebb786
JH
1237gp = string_vformat_trc(&g, func, line, STRING_SPRINTF_BUFFER_SIZE,
1238 0, format, ap);
059ec3d9 1239va_end(ap);
d12746bc
JH
1240g.s[g.ptr] = '\0';
1241return !!gp;
059ec3d9
PH
1242}
1243
1244
d12746bc 1245
f3ebb786
JH
1246/* Copy the content of a string to tainted memory */
1247static void
1248gstring_rebuffer(gstring * g)
1249{
1250uschar * s = store_get(g->size, TRUE);
1251memcpy(s, g->s, g->ptr);
1252g->s = s;
1253}
1254
d12746bc
JH
1255
1256
f3ebb786 1257/* Build or append to a growing-string, sprintf-style.
d12746bc 1258
f3ebb786
JH
1259If the "extend" flag is true, the string passed in can be NULL,
1260empty, or non-empty. Growing is subject to an overall limit given
1261by the size_limit argument.
d12746bc 1262
f3ebb786 1263If the "extend" flag is false, the string passed in may not be NULL,
d12746bc
JH
1264will not be grown, and is usable in the original place after return.
1265The return value can be NULL to signify overflow.
1266
adc4ecf9
JH
1267Returns the possibly-new (if copy for growth or taint-handling was needed)
1268string, not nul-terminated.
d12746bc
JH
1269*/
1270
1271gstring *
f3ebb786
JH
1272string_vformat_trc(gstring * g, const uschar * func, unsigned line,
1273 unsigned size_limit, unsigned flags, const char *format, va_list ap)
059ec3d9 1274{
d12746bc
JH
1275enum ltypes { L_NORMAL=1, L_SHORT=2, L_LONG=3, L_LONGLONG=4, L_LONGDOUBLE=5, L_SIZE=6 };
1276
f3ebb786 1277int width, precision, off, lim, need;
d12746bc 1278const char * fp = format; /* Deliberately not unsigned */
f3ebb786 1279BOOL dest_tainted = FALSE;
b1c749bb 1280
d12746bc
JH
1281string_datestamp_offset = -1; /* Datestamp not inserted */
1282string_datestamp_length = 0; /* Datestamp not inserted */
1283string_datestamp_type = 0; /* Datestamp not inserted */
059ec3d9 1284
d12746bc 1285#ifdef COMPILE_UTILITY
f3ebb786 1286assert(!(flags & SVFMT_EXTEND));
d12746bc
JH
1287assert(g);
1288#else
1289
1290/* Ensure we have a string, to save on checking later */
1291if (!g) g = string_get(16);
f3ebb786
JH
1292else if (!(flags & SVFMT_TAINT_NOCHK)) dest_tainted = is_tainted(g->s);
1293
1294if (!(flags & SVFMT_TAINT_NOCHK) && !dest_tainted && is_tainted(format))
1295 {
aaabfafe 1296#ifndef MACRO_PREDEF
f3ebb786
JH
1297 if (!(flags & SVFMT_REBUFFER))
1298 die_tainted(US"string_vformat", func, line);
aaabfafe 1299#endif
f3ebb786
JH
1300 gstring_rebuffer(g);
1301 dest_tainted = TRUE;
1302 }
d12746bc
JH
1303#endif /*!COMPILE_UTILITY*/
1304
1305lim = g->size - 1; /* leave one for a nul */
1306off = g->ptr; /* remember initial offset in gstring */
059ec3d9
PH
1307
1308/* Scan the format and handle the insertions */
1309
d12746bc 1310while (*fp)
059ec3d9 1311 {
b1c749bb 1312 int length = L_NORMAL;
059ec3d9
PH
1313 int *nptr;
1314 int slen;
d12746bc
JH
1315 const char *null = "NULL"; /* ) These variables */
1316 const char *item_start, *s; /* ) are deliberately */
1317 char newformat[16]; /* ) not unsigned */
1318 char * gp = CS g->s + g->ptr; /* ) */
059ec3d9
PH
1319
1320 /* Non-% characters just get copied verbatim */
1321
1322 if (*fp != '%')
1323 {
d12746bc 1324 /* Avoid string_copyn() due to COMPILE_UTILITY */
f3ebb786 1325 if ((need = g->ptr + 1) > lim)
1100a343 1326 {
f3ebb786
JH
1327 if (!(flags & SVFMT_EXTEND) || need > size_limit) return NULL;
1328 gstring_grow(g, 1);
1100a343
JH
1329 lim = g->size - 1;
1330 }
d12746bc 1331 g->s[g->ptr++] = (uschar) *fp++;
059ec3d9
PH
1332 continue;
1333 }
1334
1335 /* Deal with % characters. Pick off the width and precision, for checking
1336 strings, skipping over the flag and modifier characters. */
1337
1338 item_start = fp;
1339 width = precision = -1;
1340
1341 if (strchr("-+ #0", *(++fp)) != NULL)
1342 {
1343 if (*fp == '#') null = "";
1344 fp++;
1345 }
1346
1347 if (isdigit((uschar)*fp))
1348 {
1349 width = *fp++ - '0';
1350 while (isdigit((uschar)*fp)) width = width * 10 + *fp++ - '0';
1351 }
1352 else if (*fp == '*')
1353 {
1354 width = va_arg(ap, int);
1355 fp++;
1356 }
1357
1358 if (*fp == '.')
059ec3d9
PH
1359 if (*(++fp) == '*')
1360 {
1361 precision = va_arg(ap, int);
1362 fp++;
1363 }
1364 else
d12746bc
JH
1365 for (precision = 0; isdigit((uschar)*fp); fp++)
1366 precision = precision*10 + *fp - '0';
059ec3d9 1367
91a246f6 1368 /* Skip over 'h', 'L', 'l', 'll' and 'z', remembering the item length */
b1c749bb
PH
1369
1370 if (*fp == 'h')
1371 { fp++; length = L_SHORT; }
1372 else if (*fp == 'L')
1373 { fp++; length = L_LONGDOUBLE; }
1374 else if (*fp == 'l')
b1c749bb 1375 if (fp[1] == 'l')
d12746bc 1376 { fp += 2; length = L_LONGLONG; }
b1c749bb 1377 else
d12746bc 1378 { fp++; length = L_LONG; }
91a246f6
PP
1379 else if (*fp == 'z')
1380 { fp++; length = L_SIZE; }
059ec3d9
PH
1381
1382 /* Handle each specific format type. */
1383
1384 switch (*fp++)
1385 {
1386 case 'n':
d12746bc
JH
1387 nptr = va_arg(ap, int *);
1388 *nptr = g->ptr - off;
1389 break;
059ec3d9
PH
1390
1391 case 'd':
1392 case 'o':
1393 case 'u':
1394 case 'x':
1395 case 'X':
d12746bc 1396 width = length > L_LONG ? 24 : 12;
f3ebb786 1397 if ((need = g->ptr + width) > lim)
1100a343 1398 {
f3ebb786
JH
1399 if (!(flags & SVFMT_EXTEND) || need >= size_limit) return NULL;
1400 gstring_grow(g, width);
1100a343
JH
1401 lim = g->size - 1;
1402 gp = CS g->s + g->ptr;
1403 }
d12746bc
JH
1404 strncpy(newformat, item_start, fp - item_start);
1405 newformat[fp - item_start] = 0;
b1c749bb 1406
d12746bc
JH
1407 /* Short int is promoted to int when passing through ..., so we must use
1408 int for va_arg(). */
b1c749bb 1409
d12746bc
JH
1410 switch(length)
1411 {
1412 case L_SHORT:
1413 case L_NORMAL:
1414 g->ptr += sprintf(gp, newformat, va_arg(ap, int)); break;
1415 case L_LONG:
1416 g->ptr += sprintf(gp, newformat, va_arg(ap, long int)); break;
1417 case L_LONGLONG:
1418 g->ptr += sprintf(gp, newformat, va_arg(ap, LONGLONG_T)); break;
1419 case L_SIZE:
1420 g->ptr += sprintf(gp, newformat, va_arg(ap, size_t)); break;
1421 }
1422 break;
059ec3d9
PH
1423
1424 case 'p':
2e8db779
JH
1425 {
1426 void * ptr;
f3ebb786 1427 if ((need = g->ptr + 24) > lim)
1100a343 1428 {
f3ebb786
JH
1429 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1430 gstring_grow(g, 24);
1100a343
JH
1431 lim = g->size - 1;
1432 gp = CS g->s + g->ptr;
1433 }
81f358da
JH
1434 /* sprintf() saying "(nil)" for a null pointer seems unreliable.
1435 Handle it explicitly. */
2e8db779
JH
1436 if ((ptr = va_arg(ap, void *)))
1437 {
1438 strncpy(newformat, item_start, fp - item_start);
1439 newformat[fp - item_start] = 0;
d12746bc 1440 g->ptr += sprintf(gp, newformat, ptr);
2e8db779
JH
1441 }
1442 else
d12746bc 1443 g->ptr += sprintf(gp, "(nil)");
2e8db779 1444 }
059ec3d9
PH
1445 break;
1446
1447 /* %f format is inherently insecure if the numbers that it may be
870f6ba8
TF
1448 handed are unknown (e.g. 1e300). However, in Exim, %f is used for
1449 printing load averages, and these are actually stored as integers
1450 (load average * 1000) so the size of the numbers is constrained.
1451 It is also used for formatting sending rates, where the simplicity
1452 of the format prevents overflow. */
059ec3d9
PH
1453
1454 case 'f':
1455 case 'e':
1456 case 'E':
1457 case 'g':
1458 case 'G':
d12746bc 1459 if (precision < 0) precision = 6;
f3ebb786 1460 if ((need = g->ptr + precision + 8) > lim)
1100a343 1461 {
f3ebb786
JH
1462 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1463 gstring_grow(g, precision+8);
1100a343
JH
1464 lim = g->size - 1;
1465 gp = CS g->s + g->ptr;
1466 }
d12746bc
JH
1467 strncpy(newformat, item_start, fp - item_start);
1468 newformat[fp-item_start] = 0;
1469 if (length == L_LONGDOUBLE)
1470 g->ptr += sprintf(gp, newformat, va_arg(ap, long double));
1471 else
1472 g->ptr += sprintf(gp, newformat, va_arg(ap, double));
1473 break;
059ec3d9
PH
1474
1475 /* String types */
1476
1477 case '%':
f3ebb786 1478 if ((need = g->ptr + 1) > lim)
1100a343 1479 {
f3ebb786
JH
1480 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1481 gstring_grow(g, 1);
1100a343
JH
1482 lim = g->size - 1;
1483 }
d12746bc
JH
1484 g->s[g->ptr++] = (uschar) '%';
1485 break;
059ec3d9
PH
1486
1487 case 'c':
f3ebb786 1488 if ((need = g->ptr + 1) > lim)
1100a343 1489 {
f3ebb786
JH
1490 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1491 gstring_grow(g, 1);
1100a343
JH
1492 lim = g->size - 1;
1493 }
d12746bc
JH
1494 g->s[g->ptr++] = (uschar) va_arg(ap, int);
1495 break;
059ec3d9 1496
f1e5fef5 1497 case 'D': /* Insert daily datestamp for log file names */
d12746bc
JH
1498 s = CS tod_stamp(tod_log_datestamp_daily);
1499 string_datestamp_offset = g->ptr; /* Passed back via global */
1500 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1501 string_datestamp_type = tod_log_datestamp_daily;
1502 slen = string_datestamp_length;
1503 goto INSERT_STRING;
f1e5fef5
PP
1504
1505 case 'M': /* Insert monthly datestamp for log file names */
d12746bc
JH
1506 s = CS tod_stamp(tod_log_datestamp_monthly);
1507 string_datestamp_offset = g->ptr; /* Passed back via global */
1508 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1509 string_datestamp_type = tod_log_datestamp_monthly;
1510 slen = string_datestamp_length;
1511 goto INSERT_STRING;
059ec3d9
PH
1512
1513 case 's':
1514 case 'S': /* Forces *lower* case */
c0b9d3e8 1515 case 'T': /* Forces *upper* case */
d12746bc 1516 s = va_arg(ap, char *);
059ec3d9 1517
d12746bc
JH
1518 if (!s) s = null;
1519 slen = Ustrlen(s);
059ec3d9 1520
f3ebb786
JH
1521 if (!(flags & SVFMT_TAINT_NOCHK) && !dest_tainted && is_tainted(s))
1522 if (flags & SVFMT_REBUFFER)
1523 {
1524 gstring_rebuffer(g);
1525 gp = CS g->s + g->ptr;
1526 dest_tainted = TRUE;
1527 }
aaabfafe 1528#ifndef MACRO_PREDEF
f3ebb786
JH
1529 else
1530 die_tainted(US"string_vformat", func, line);
aaabfafe 1531#endif
f3ebb786 1532
f1e5fef5
PP
1533 INSERT_STRING: /* Come to from %D or %M above */
1534
059ec3d9 1535 {
d12746bc 1536 BOOL truncated = FALSE;
059ec3d9 1537
d12746bc
JH
1538 /* If the width is specified, check that there is a precision
1539 set; if not, set it to the width to prevent overruns of long
1540 strings. */
059ec3d9 1541
d12746bc
JH
1542 if (width >= 0)
1543 {
1544 if (precision < 0) precision = width;
1545 }
059ec3d9 1546
d12746bc
JH
1547 /* If a width is not specified and the precision is specified, set
1548 the width to the precision, or the string length if shorted. */
059ec3d9 1549
d12746bc
JH
1550 else if (precision >= 0)
1551 width = precision < slen ? precision : slen;
059ec3d9 1552
d12746bc 1553 /* If neither are specified, set them both to the string length. */
059ec3d9 1554
d12746bc
JH
1555 else
1556 width = precision = slen;
1557
f3ebb786 1558 if ((need = g->ptr + width) >= size_limit || !(flags & SVFMT_EXTEND))
d12746bc
JH
1559 {
1560 if (g->ptr == lim) return NULL;
f3ebb786 1561 if (need > lim)
d12746bc
JH
1562 {
1563 truncated = TRUE;
1564 width = precision = lim - g->ptr - 1;
1565 if (width < 0) width = 0;
1566 if (precision < 0) precision = 0;
1567 }
1568 }
f3ebb786 1569 else if (need > lim)
1100a343 1570 {
f3ebb786 1571 gstring_grow(g, width);
1100a343
JH
1572 lim = g->size - 1;
1573 gp = CS g->s + g->ptr;
1574 }
d12746bc
JH
1575
1576 g->ptr += sprintf(gp, "%*.*s", width, precision, s);
1577 if (fp[-1] == 'S')
1578 while (*gp) { *gp = tolower(*gp); gp++; }
1579 else if (fp[-1] == 'T')
1580 while (*gp) { *gp = toupper(*gp); gp++; }
1581
1582 if (truncated) return NULL;
1583 break;
059ec3d9 1584 }
059ec3d9
PH
1585
1586 /* Some things are never used in Exim; also catches junk. */
1587
1588 default:
d12746bc
JH
1589 strncpy(newformat, item_start, fp - item_start);
1590 newformat[fp-item_start] = 0;
1591 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "string_format: unsupported type "
1592 "in \"%s\" in \"%s\"", newformat, format);
1593 break;
059ec3d9
PH
1594 }
1595 }
1596
f3ebb786
JH
1597if (g->ptr > g->size)
1598 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1599 "string_format internal error: caller %s %d", func, line);
d12746bc
JH
1600return g;
1601}
059ec3d9 1602
059ec3d9 1603
d12746bc
JH
1604
1605#ifndef COMPILE_UTILITY
059ec3d9
PH
1606/*************************************************
1607* Generate an "open failed" message *
1608*************************************************/
1609
1610/* This function creates a message after failure to open a file. It includes a
1611string supplied as data, adds the strerror() text, and if the failure was
1612"Permission denied", reads and includes the euid and egid.
1613
1614Arguments:
1615 eno the value of errno after the failure
1616 format a text format string - deliberately not uschar *
1617 ... arguments for the format string
1618
1619Returns: a message, in dynamic store
1620*/
1621
1622uschar *
f3ebb786
JH
1623string_open_failed_trc(int eno, const uschar * func, unsigned line,
1624 const char *format, ...)
059ec3d9
PH
1625{
1626va_list ap;
d12746bc 1627gstring * g = string_get(1024);
059ec3d9 1628
d12746bc 1629g = string_catn(g, US"failed to open ", 15);
059ec3d9
PH
1630
1631/* Use the checked formatting routine to ensure that the buffer
1632does not overflow. It should not, since this is called only for internally
1633specified messages. If it does, the message just gets truncated, and there
1634doesn't seem much we can do about that. */
1635
d12746bc 1636va_start(ap, format);
f3ebb786
JH
1637(void) string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE,
1638 0, format, ap);
d12746bc 1639string_from_gstring(g);
e59797e3 1640gstring_release_unused(g);
cb570b5e 1641va_end(ap);
059ec3d9 1642
d12746bc
JH
1643return eno == EACCES
1644 ? string_sprintf("%s: %s (euid=%ld egid=%ld)", g->s, strerror(eno),
1645 (long int)geteuid(), (long int)getegid())
1646 : string_sprintf("%s: %s", g->s, strerror(eno));
059ec3d9
PH
1647}
1648#endif /* COMPILE_UTILITY */
1649
1650
1651
059ec3d9
PH
1652
1653
bc3c7bb7
HSHR
1654#ifndef COMPILE_UTILITY
1655/* qsort(3), currently used to sort the environment variables
1656for -bP environment output, needs a function to compare two pointers to string
1657pointers. Here it is. */
1658
1659int
84bbb4d8 1660string_compare_by_pointer(const void *a, const void *b)
bc3c7bb7 1661{
35a5627d 1662return Ustrcmp(* CUSS a, * CUSS b);
bc3c7bb7
HSHR
1663}
1664#endif /* COMPILE_UTILITY */
059ec3d9
PH
1665
1666
1667
d12746bc 1668
059ec3d9
PH
1669/*************************************************
1670**************************************************
1671* Stand-alone test program *
1672**************************************************
1673*************************************************/
1674
1675#ifdef STAND_ALONE
1676int main(void)
1677{
1678uschar buffer[256];
1679
1680printf("Testing is_ip_address\n");
1681
1682while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1683 {
1684 int offset;
1685 buffer[Ustrlen(buffer) - 1] = 0;
1686 printf("%d\n", string_is_ip_address(buffer, NULL));
1687 printf("%d %d %s\n", string_is_ip_address(buffer, &offset), offset, buffer);
1688 }
1689
1690printf("Testing string_nextinlist\n");
1691
1692while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1693 {
1694 uschar *list = buffer;
1695 uschar *lp1, *lp2;
1696 uschar item[256];
1697 int sep1 = 0;
1698 int sep2 = 0;
1699
1700 if (*list == '<')
1701 {
1702 sep1 = sep2 = list[1];
1703 list += 2;
1704 }
1705
1706 lp1 = lp2 = list;
1707 for (;;)
1708 {
1709 uschar *item1 = string_nextinlist(&lp1, &sep1, item, sizeof(item));
1710 uschar *item2 = string_nextinlist(&lp2, &sep2, NULL, 0);
1711
1712 if (item1 == NULL && item2 == NULL) break;
1713 if (item == NULL || item2 == NULL || Ustrcmp(item1, item2) != 0)
1714 {
1715 printf("***ERROR\nitem1=\"%s\"\nitem2=\"%s\"\n",
1716 (item1 == NULL)? "NULL" : CS item1,
1717 (item2 == NULL)? "NULL" : CS item2);
1718 break;
1719 }
1720 else printf(" \"%s\"\n", CS item1);
1721 }
1722 }
1723
1724/* This is a horrible lash-up, but it serves its purpose. */
1725
1726printf("Testing string_format\n");
1727
1728while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1729 {
1730 void *args[3];
ed72ace5 1731 long long llargs[3];
059ec3d9
PH
1732 double dargs[3];
1733 int dflag = 0;
ed72ace5 1734 int llflag = 0;
059ec3d9
PH
1735 int n = 0;
1736 int count;
1737 int countset = 0;
1738 uschar format[256];
1739 uschar outbuf[256];
1740 uschar *s;
1741 buffer[Ustrlen(buffer) - 1] = 0;
1742
1743 s = Ustrchr(buffer, ',');
1744 if (s == NULL) s = buffer + Ustrlen(buffer);
1745
1746 Ustrncpy(format, buffer, s - buffer);
1747 format[s-buffer] = 0;
1748
1749 if (*s == ',') s++;
1750
1751 while (*s != 0)
1752 {
1753 uschar *ss = s;
1754 s = Ustrchr(ss, ',');
1755 if (s == NULL) s = ss + Ustrlen(ss);
1756
1757 if (isdigit(*ss))
1758 {
1759 Ustrncpy(outbuf, ss, s-ss);
1760 if (Ustrchr(outbuf, '.') != NULL)
1761 {
1762 dflag = 1;
1763 dargs[n++] = Ustrtod(outbuf, NULL);
1764 }
ed72ace5
PH
1765 else if (Ustrstr(outbuf, "ll") != NULL)
1766 {
1767 llflag = 1;
1768 llargs[n++] = strtoull(CS outbuf, NULL, 10);
1769 }
059ec3d9
PH
1770 else
1771 {
1772 args[n++] = (void *)Uatoi(outbuf);
1773 }
1774 }
1775
1776 else if (Ustrcmp(ss, "*") == 0)
1777 {
1778 args[n++] = (void *)(&count);
1779 countset = 1;
1780 }
1781
1782 else
1783 {
1784 uschar *sss = malloc(s - ss + 1);
1785 Ustrncpy(sss, ss, s-ss);
1786 args[n++] = sss;
1787 }
1788
1789 if (*s == ',') s++;
1790 }
1791
ed72ace5
PH
1792 if (!dflag && !llflag)
1793 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1794 args[0], args[1], args[2])? "True" : "False");
1795
1796 else if (dflag)
1797 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1798 dargs[0], dargs[1], dargs[2])? "True" : "False");
059ec3d9
PH
1799
1800 else printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
ed72ace5 1801 llargs[0], llargs[1], llargs[2])? "True" : "False");
059ec3d9
PH
1802
1803 printf("%s\n", CS outbuf);
1804 if (countset) printf("count=%d\n", count);
1805 }
1806
1807return 0;
1808}
1809#endif
1810
1811/* End of string.c */