Harden string-list handling
[exim.git] / src / src / string.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8/* Miscellaneous string-handling functions. Some are not required for
9utilities and tests, and are cut out by the COMPILE_UTILITY macro. */
10
11
12#include "exim.h"
d12746bc 13#include <assert.h>
059ec3d9
PH
14
15
16#ifndef COMPILE_UTILITY
17/*************************************************
18* Test for IP address *
19*************************************************/
20
21/* This used just to be a regular expression, but with IPv6 things are a bit
22more complicated. If the address contains a colon, it is assumed to be a v6
23address (assuming HAVE_IPV6 is set). If a mask is permitted and one is present,
24and maskptr is not NULL, its offset is placed there.
25
26Arguments:
27 s a string
28 maskptr NULL if no mask is permitted to follow
29 otherwise, points to an int where the offset of '/' is placed
1688f43b 30 if there is no / followed by trailing digits, *maskptr is set 0
059ec3d9
PH
31
32Returns: 0 if the string is not a textual representation of an IP address
33 4 if it is an IPv4 address
34 6 if it is an IPv6 address
35*/
36
37int
b1f8e4f8 38string_is_ip_address(const uschar *s, int *maskptr)
059ec3d9
PH
39{
40int i;
41int yield = 4;
42
43/* If an optional mask is permitted, check for it. If found, pass back the
44offset. */
45
8d909960 46if (maskptr)
059ec3d9 47 {
b1f8e4f8 48 const uschar *ss = s + Ustrlen(s);
059ec3d9
PH
49 *maskptr = 0;
50 if (s != ss && isdigit(*(--ss)))
51 {
52 while (ss > s && isdigit(ss[-1])) ss--;
53 if (ss > s && *(--ss) == '/') *maskptr = ss - s;
54 }
55 }
56
57/* A colon anywhere in the string => IPv6 address */
58
59if (Ustrchr(s, ':') != NULL)
60 {
61 BOOL had_double_colon = FALSE;
62 BOOL v4end = FALSE;
63 int count = 0;
64
65 yield = 6;
66
67 /* An IPv6 address must start with hex digit or double colon. A single
68 colon is invalid. */
69
70 if (*s == ':' && *(++s) != ':') return 0;
71
72 /* Now read up to 8 components consisting of up to 4 hex digits each. There
73 may be one and only one appearance of double colon, which implies any number
74 of binary zero bits. The number of preceding components is held in count. */
75
76 for (count = 0; count < 8; count++)
77 {
78 /* If the end of the string is reached before reading 8 components, the
79 address is valid provided a double colon has been read. This also applies
80 if we hit the / that introduces a mask or the % that introduces the
81 interface specifier (scope id) of a link-local address. */
82
8d909960 83 if (*s == 0 || *s == '%' || *s == '/') return had_double_colon ? yield : 0;
059ec3d9
PH
84
85 /* If a component starts with an additional colon, we have hit a double
86 colon. This is permitted to appear once only, and counts as at least
87 one component. The final component may be of this form. */
88
89 if (*s == ':')
90 {
91 if (had_double_colon) return 0;
92 had_double_colon = TRUE;
93 s++;
94 continue;
95 }
96
97 /* If the remainder of the string contains a dot but no colons, we
98 can expect a trailing IPv4 address. This is valid if either there has
99 been no double-colon and this is the 7th component (with the IPv4 address
100 being the 7th & 8th components), OR if there has been a double-colon
101 and fewer than 6 components. */
102
103 if (Ustrchr(s, ':') == NULL && Ustrchr(s, '.') != NULL)
104 {
105 if ((!had_double_colon && count != 6) ||
106 (had_double_colon && count > 6)) return 0;
107 v4end = TRUE;
108 yield = 6;
109 break;
110 }
111
112 /* Check for at least one and not more than 4 hex digits for this
113 component. */
114
115 if (!isxdigit(*s++)) return 0;
116 if (isxdigit(*s) && isxdigit(*(++s)) && isxdigit(*(++s))) s++;
117
118 /* If the component is terminated by colon and there is more to
119 follow, skip over the colon. If there is no more to follow the address is
120 invalid. */
121
122 if (*s == ':' && *(++s) == 0) return 0;
123 }
124
125 /* If about to handle a trailing IPv4 address, drop through. Otherwise
126 all is well if we are at the end of the string or at the mask or at a percent
127 sign, which introduces the interface specifier (scope id) of a link local
128 address. */
129
1688f43b
PH
130 if (!v4end)
131 return (*s == 0 || *s == '%' ||
132 (*s == '/' && maskptr != NULL && *maskptr != 0))? yield : 0;
059ec3d9
PH
133 }
134
135/* Test for IPv4 address, which may be the tail-end of an IPv6 address. */
136
137for (i = 0; i < 4; i++)
138 {
8d909960
JH
139 long n;
140 uschar * end;
141
059ec3d9 142 if (i != 0 && *s++ != '.') return 0;
8d909960
JH
143 n = strtol(CCS s, CSS &end, 10);
144 if (n > 255 || n < 0 || end <= s || end > s+3) return 0;
145 s = end;
059ec3d9
PH
146 }
147
8d909960 148return !*s || (*s == '/' && maskptr && *maskptr != 0) ? yield : 0;
059ec3d9
PH
149}
150#endif /* COMPILE_UTILITY */
151
152
153/*************************************************
154* Format message size *
155*************************************************/
156
157/* Convert a message size in bytes to printing form, rounding
158according to the magnitude of the number. A value of zero causes
159a string of spaces to be returned.
160
161Arguments:
162 size the message size in bytes
163 buffer where to put the answer
164
165Returns: pointer to the buffer
166 a string of exactly 5 characters is normally returned
167*/
168
169uschar *
170string_format_size(int size, uschar *buffer)
171{
45500060 172if (size == 0) Ustrcpy(buffer, " ");
059ec3d9
PH
173else if (size < 1024) sprintf(CS buffer, "%5d", size);
174else if (size < 10*1024)
175 sprintf(CS buffer, "%4.1fK", (double)size / 1024.0);
176else if (size < 1024*1024)
177 sprintf(CS buffer, "%4dK", (size + 512)/1024);
178else if (size < 10*1024*1024)
179 sprintf(CS buffer, "%4.1fM", (double)size / (1024.0 * 1024.0));
180else
181 sprintf(CS buffer, "%4dM", (size + 512 * 1024)/(1024*1024));
182return buffer;
183}
184
185
186
187#ifndef COMPILE_UTILITY
188/*************************************************
189* Convert a number to base 62 format *
190*************************************************/
191
192/* Convert a long integer into an ASCII base 62 string. For Cygwin the value of
193BASE_62 is actually 36. Always return exactly 6 characters plus zero, in a
194static area.
195
196Argument: a long integer
197Returns: pointer to base 62 string
198*/
199
200uschar *
201string_base62(unsigned long int value)
202{
203static uschar yield[7];
204uschar *p = yield + sizeof(yield) - 1;
205*p = 0;
206while (p > yield)
207 {
208 *(--p) = base62_chars[value % BASE_62];
209 value /= BASE_62;
210 }
211return yield;
212}
213#endif /* COMPILE_UTILITY */
214
215
216
059ec3d9
PH
217/*************************************************
218* Interpret escape sequence *
219*************************************************/
220
221/* This function is called from several places where escape sequences are to be
222interpreted in strings.
223
224Arguments:
225 pp points a pointer to the initiating "\" in the string;
226 the pointer gets updated to point to the final character
227Returns: the value of the character escape
228*/
229
230int
55414b25 231string_interpret_escape(const uschar **pp)
059ec3d9 232{
3fb3c68d
JH
233#ifdef COMPILE_UTILITY
234const uschar *hex_digits= CUS"0123456789abcdef";
235#endif
059ec3d9 236int ch;
55414b25 237const uschar *p = *pp;
059ec3d9
PH
238ch = *(++p);
239if (isdigit(ch) && ch != '8' && ch != '9')
240 {
241 ch -= '0';
242 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
243 {
244 ch = ch * 8 + *(++p) - '0';
245 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
246 ch = ch * 8 + *(++p) - '0';
247 }
248 }
249else switch(ch)
250 {
c7396ac5
PP
251 case 'b': ch = '\b'; break;
252 case 'f': ch = '\f'; break;
059ec3d9
PH
253 case 'n': ch = '\n'; break;
254 case 'r': ch = '\r'; break;
255 case 't': ch = '\t'; break;
c7396ac5 256 case 'v': ch = '\v'; break;
059ec3d9
PH
257 case 'x':
258 ch = 0;
259 if (isxdigit(p[1]))
260 {
261 ch = ch * 16 +
262 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
263 if (isxdigit(p[1])) ch = ch * 16 +
264 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
265 }
266 break;
267 }
268*pp = p;
269return ch;
270}
059ec3d9
PH
271
272
273
274#ifndef COMPILE_UTILITY
275/*************************************************
276* Ensure string is printable *
277*************************************************/
278
279/* This function is called for critical strings. It checks for any
280non-printing characters, and if any are found, it makes a new copy
281of the string with suitable escape sequences. It is most often called by the
282macro string_printing(), which sets allow_tab TRUE.
283
284Arguments:
285 s the input string
286 allow_tab TRUE to allow tab as a printing character
287
288Returns: string with non-printers encoded as printing sequences
289*/
290
55414b25
JH
291const uschar *
292string_printing2(const uschar *s, BOOL allow_tab)
059ec3d9
PH
293{
294int nonprintcount = 0;
295int length = 0;
55414b25 296const uschar *t = s;
059ec3d9
PH
297uschar *ss, *tt;
298
299while (*t != 0)
300 {
301 int c = *t++;
302 if (!mac_isprint(c) || (!allow_tab && c == '\t')) nonprintcount++;
303 length++;
304 }
305
306if (nonprintcount == 0) return s;
307
308/* Get a new block of store guaranteed big enough to hold the
309expanded string. */
310
36719342 311ss = store_get(length + nonprintcount * 3 + 1);
059ec3d9 312
4c04137d 313/* Copy everything, escaping non printers. */
059ec3d9
PH
314
315t = s;
316tt = ss;
317
318while (*t != 0)
319 {
320 int c = *t;
321 if (mac_isprint(c) && (allow_tab || c != '\t')) *tt++ = *t++; else
322 {
323 *tt++ = '\\';
324 switch (*t)
325 {
326 case '\n': *tt++ = 'n'; break;
327 case '\r': *tt++ = 'r'; break;
328 case '\b': *tt++ = 'b'; break;
329 case '\v': *tt++ = 'v'; break;
330 case '\f': *tt++ = 'f'; break;
331 case '\t': *tt++ = 't'; break;
332 default: sprintf(CS tt, "%03o", *t); tt += 3; break;
333 }
334 t++;
335 }
336 }
337*tt = 0;
338return ss;
339}
79fe97d8
PP
340#endif /* COMPILE_UTILITY */
341
c7396ac5
PP
342/*************************************************
343* Undo printing escapes in string *
344*************************************************/
345
346/* This function is the reverse of string_printing2. It searches for
347backslash characters and if any are found, it makes a new copy of the
348string with escape sequences parsed. Otherwise it returns the original
349string.
350
351Arguments:
352 s the input string
353
354Returns: string with printing escapes parsed back
355*/
356
357uschar *
358string_unprinting(uschar *s)
359{
360uschar *p, *q, *r, *ss;
361int len, off;
362
363p = Ustrchr(s, '\\');
364if (!p) return s;
365
366len = Ustrlen(s) + 1;
367ss = store_get(len);
368
369q = ss;
370off = p - s;
371if (off)
372 {
373 memcpy(q, s, off);
374 q += off;
375 }
376
377while (*p)
378 {
379 if (*p == '\\')
380 {
55414b25 381 *q++ = string_interpret_escape((const uschar **)&p);
823ad74f 382 p++;
c7396ac5
PP
383 }
384 else
385 {
386 r = Ustrchr(p, '\\');
387 if (!r)
388 {
389 off = Ustrlen(p);
390 memcpy(q, p, off);
391 p += off;
392 q += off;
393 break;
394 }
395 else
396 {
397 off = r - p;
398 memcpy(q, p, off);
399 q += off;
400 p = r;
401 }
402 }
403 }
404*q = '\0';
405
406return ss;
407}
059ec3d9
PH
408
409
410
411
412/*************************************************
413* Copy and save string *
414*************************************************/
415
416/* This function assumes that memcpy() is faster than strcpy().
417
418Argument: string to copy
419Returns: copy of string in new store
420*/
421
422uschar *
3f0945ff 423string_copy(const uschar *s)
059ec3d9
PH
424{
425int len = Ustrlen(s) + 1;
426uschar *ss = store_get(len);
427memcpy(ss, s, len);
428return ss;
429}
430
431
432
433/*************************************************
434* Copy and save string in malloc'd store *
435*************************************************/
436
437/* This function assumes that memcpy() is faster than strcpy().
438
439Argument: string to copy
440Returns: copy of string in new store
441*/
442
443uschar *
55414b25 444string_copy_malloc(const uschar *s)
059ec3d9
PH
445{
446int len = Ustrlen(s) + 1;
447uschar *ss = store_malloc(len);
448memcpy(ss, s, len);
449return ss;
450}
451
452
453
454/*************************************************
455* Copy, lowercase and save string *
456*************************************************/
457
458/*
459Argument: string to copy
460Returns: copy of string in new store, with letters lowercased
461*/
462
463uschar *
1dc92d5a 464string_copylc(const uschar *s)
059ec3d9
PH
465{
466uschar *ss = store_get(Ustrlen(s) + 1);
467uschar *p = ss;
468while (*s != 0) *p++ = tolower(*s++);
469*p = 0;
470return ss;
471}
472
473
474
475/*************************************************
476* Copy and save string, given length *
477*************************************************/
478
479/* It is assumed the data contains no zeros. A zero is added
480onto the end.
481
482Arguments:
483 s string to copy
484 n number of characters
485
486Returns: copy of string in new store
487*/
488
489uschar *
1dc92d5a 490string_copyn(const uschar *s, int n)
059ec3d9
PH
491{
492uschar *ss = store_get(n + 1);
493Ustrncpy(ss, s, n);
494ss[n] = 0;
495return ss;
496}
497
498
499/*************************************************
500* Copy, lowercase, and save string, given length *
501*************************************************/
502
503/* It is assumed the data contains no zeros. A zero is added
504onto the end.
505
506Arguments:
507 s string to copy
508 n number of characters
509
510Returns: copy of string in new store, with letters lowercased
511*/
512
513uschar *
514string_copynlc(uschar *s, int n)
515{
516uschar *ss = store_get(n + 1);
517uschar *p = ss;
518while (n-- > 0) *p++ = tolower(*s++);
519*p = 0;
520return ss;
521}
522
523
524
525/*************************************************
e28326d8
PH
526* Copy string if long, inserting newlines *
527*************************************************/
528
529/* If the given string is longer than 75 characters, it is copied, and within
530the copy, certain space characters are converted into newlines.
531
532Argument: pointer to the string
533Returns: pointer to the possibly altered string
534*/
535
536uschar *
537string_split_message(uschar *msg)
538{
539uschar *s, *ss;
540
541if (msg == NULL || Ustrlen(msg) <= 75) return msg;
542s = ss = msg = string_copy(msg);
543
544for (;;)
545 {
546 int i = 0;
547 while (i < 75 && *ss != 0 && *ss != '\n') ss++, i++;
548 if (*ss == 0) break;
549 if (*ss == '\n')
550 s = ++ss;
551 else
552 {
553 uschar *t = ss + 1;
554 uschar *tt = NULL;
555 while (--t > s + 35)
556 {
557 if (*t == ' ')
558 {
559 if (t[-1] == ':') { tt = t; break; }
560 if (tt == NULL) tt = t;
561 }
562 }
563
564 if (tt == NULL) /* Can't split behind - try ahead */
565 {
566 t = ss + 1;
567 while (*t != 0)
568 {
569 if (*t == ' ' || *t == '\n')
570 { tt = t; break; }
571 t++;
572 }
573 }
574
575 if (tt == NULL) break; /* Can't find anywhere to split */
576 *tt = '\n';
577 s = ss = tt+1;
578 }
579 }
580
581return msg;
582}
583
584
585
586/*************************************************
059ec3d9
PH
587* Copy returned DNS domain name, de-escaping *
588*************************************************/
589
590/* If a domain name contains top-bit characters, some resolvers return
591the fully qualified name with those characters turned into escapes. The
592convention is a backslash followed by _decimal_ digits. We convert these
593back into the original binary values. This will be relevant when
594allow_utf8_domains is set true and UTF-8 characters are used in domain
595names. Backslash can also be used to escape other characters, though we
596shouldn't come across them in domain names.
597
598Argument: the domain name string
599Returns: copy of string in new store, de-escaped
600*/
601
602uschar *
603string_copy_dnsdomain(uschar *s)
604{
605uschar *yield;
606uschar *ss = yield = store_get(Ustrlen(s) + 1);
607
608while (*s != 0)
609 {
610 if (*s != '\\')
611 {
612 *ss++ = *s++;
613 }
614 else if (isdigit(s[1]))
615 {
616 *ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0';
617 s += 4;
618 }
619 else if (*(++s) != 0)
620 {
621 *ss++ = *s++;
622 }
623 }
624
625*ss = 0;
626return yield;
627}
628
629
630#ifndef COMPILE_UTILITY
631/*************************************************
632* Copy space-terminated or quoted string *
633*************************************************/
634
635/* This function copies from a string until its end, or until whitespace is
636encountered, unless the string begins with a double quote, in which case the
637terminating quote is sought, and escaping within the string is done. The length
638of a de-quoted string can be no longer than the original, since escaping always
639turns n characters into 1 character.
640
641Argument: pointer to the pointer to the first character, which gets updated
642Returns: the new string
643*/
644
645uschar *
55414b25 646string_dequote(const uschar **sptr)
059ec3d9 647{
55414b25 648const uschar *s = *sptr;
059ec3d9
PH
649uschar *t, *yield;
650
651/* First find the end of the string */
652
653if (*s != '\"')
059ec3d9 654 while (*s != 0 && !isspace(*s)) s++;
059ec3d9
PH
655else
656 {
657 s++;
8c513105 658 while (*s && *s != '\"')
059ec3d9
PH
659 {
660 if (*s == '\\') (void)string_interpret_escape(&s);
661 s++;
662 }
8c513105 663 if (*s) s++;
059ec3d9
PH
664 }
665
666/* Get enough store to copy into */
667
668t = yield = store_get(s - *sptr + 1);
669s = *sptr;
670
671/* Do the copy */
672
673if (*s != '\"')
674 {
675 while (*s != 0 && !isspace(*s)) *t++ = *s++;
676 }
677else
678 {
679 s++;
680 while (*s != 0 && *s != '\"')
681 {
682 if (*s == '\\') *t++ = string_interpret_escape(&s);
683 else *t++ = *s;
684 s++;
685 }
686 if (*s != 0) s++;
687 }
688
689/* Update the pointer and return the terminated copy */
690
691*sptr = s;
692*t = 0;
693return yield;
694}
695#endif /* COMPILE_UTILITY */
696
697
698
699/*************************************************
700* Format a string and save it *
701*************************************************/
702
94759fce 703/* The formatting is done by string_vformat, which checks the length of
059ec3d9
PH
704everything.
705
706Arguments:
707 format a printf() format - deliberately char * rather than uschar *
708 because it will most usually be a literal string
709 ... arguments for format
710
711Returns: pointer to fresh piece of store containing sprintf'ed string
712*/
713
714uschar *
1ba28e2b 715string_sprintf(const char *format, ...)
059ec3d9 716{
d12746bc 717#ifdef COMPILE_UTILITY
059ec3d9 718uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
d12746bc
JH
719gstring g = { .size = STRING_SPRINTF_BUFFER_SIZE, .ptr = 0, .s = buffer };
720gstring * gp = &g;
721#else
722gstring * gp = string_get(STRING_SPRINTF_BUFFER_SIZE);
723#endif
724gstring * gp2;
725va_list ap;
726
059ec3d9 727va_start(ap, format);
d12746bc
JH
728gp2 = string_vformat(gp, FALSE, format, ap);
729gp->s[gp->ptr] = '\0';
059ec3d9 730va_end(ap);
d12746bc
JH
731
732if (!gp2)
733 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
734 "string_sprintf expansion was longer than %d; format string was (%s)\n"
735 "expansion started '%.32s'",
736 gp->size, format, gp->s);
737
738#ifdef COMPILE_UTILITY
739return string_copy(gp->s);
740#else
741gstring_reset_unused(gp);
742return gp->s;
743#endif
059ec3d9
PH
744}
745
746
747
748/*************************************************
749* Case-independent strncmp() function *
750*************************************************/
751
752/*
753Arguments:
754 s first string
755 t second string
756 n number of characters to compare
757
758Returns: < 0, = 0, or > 0, according to the comparison
759*/
760
761int
1ba28e2b 762strncmpic(const uschar *s, const uschar *t, int n)
059ec3d9
PH
763{
764while (n--)
765 {
766 int c = tolower(*s++) - tolower(*t++);
767 if (c) return c;
768 }
769return 0;
770}
771
772
773/*************************************************
774* Case-independent strcmp() function *
775*************************************************/
776
777/*
778Arguments:
779 s first string
780 t second string
781
782Returns: < 0, = 0, or > 0, according to the comparison
783*/
784
785int
1ba28e2b 786strcmpic(const uschar *s, const uschar *t)
059ec3d9
PH
787{
788while (*s != 0)
789 {
790 int c = tolower(*s++) - tolower(*t++);
791 if (c != 0) return c;
792 }
793return *t;
794}
795
796
797/*************************************************
798* Case-independent strstr() function *
799*************************************************/
800
801/* The third argument specifies whether whitespace is required
802to follow the matched string.
803
804Arguments:
805 s string to search
806 t substring to search for
807 space_follows if TRUE, match only if whitespace follows
808
809Returns: pointer to substring in string, or NULL if not found
810*/
811
812uschar *
813strstric(uschar *s, uschar *t, BOOL space_follows)
814{
815uschar *p = t;
816uschar *yield = NULL;
817int cl = tolower(*p);
818int cu = toupper(*p);
819
820while (*s)
821 {
822 if (*s == cl || *s == cu)
823 {
824 if (yield == NULL) yield = s;
825 if (*(++p) == 0)
826 {
827 if (!space_follows || s[1] == ' ' || s[1] == '\n' ) return yield;
828 yield = NULL;
829 p = t;
830 }
831 cl = tolower(*p);
832 cu = toupper(*p);
833 s++;
834 }
835 else if (yield != NULL)
836 {
837 yield = NULL;
838 p = t;
839 cl = tolower(*p);
840 cu = toupper(*p);
841 }
842 else s++;
843 }
844return NULL;
845}
846
847
848
d12746bc
JH
849#ifdef COMPILE_UTILITY
850/* Dummy version for this function; it should never be called */
851static void
852gstring_grow(gstring * g, int p, int count)
853{
854assert(FALSE);
855}
856#endif
857
858
859
059ec3d9
PH
860#ifndef COMPILE_UTILITY
861/*************************************************
862* Get next string from separated list *
863*************************************************/
864
865/* Leading and trailing space is removed from each item. The separator in the
866list is controlled by the int pointed to by the separator argument as follows:
867
ec95d1a6
PH
868 If the value is > 0 it is used as the separator. This is typically used for
869 sublists such as slash-separated options. The value is always a printing
870 character.
871
872 (If the value is actually > UCHAR_MAX there is only one item in the list.
059ec3d9
PH
873 This is used for some cases when called via functions that sometimes
874 plough through lists, and sometimes are given single items.)
059ec3d9 875
ec95d1a6
PH
876 If the value is <= 0, the string is inspected for a leading <x, where x is an
877 ispunct() or an iscntrl() character. If found, x is used as the separator. If
878 not found:
879
880 (a) if separator == 0, ':' is used
881 (b) if separator <0, -separator is used
882
883 In all cases the value of the separator that is used is written back to the
884 int so that it is used on subsequent calls as we progress through the list.
885
886A literal ispunct() separator can be represented in an item by doubling, but
887there is no way to include an iscntrl() separator as part of the data.
059ec3d9
PH
888
889Arguments:
890 listptr points to a pointer to the current start of the list; the
891 pointer gets updated to point after the end of the next item
892 separator a pointer to the separator character in an int (see above)
893 buffer where to put a copy of the next string in the list; or
894 NULL if the next string is returned in new memory
895 buflen when buffer is not NULL, the size of buffer; otherwise ignored
896
897Returns: pointer to buffer, containing the next substring,
898 or NULL if no more substrings
899*/
900
901uschar *
55414b25 902string_nextinlist(const uschar **listptr, int *separator, uschar *buffer, int buflen)
059ec3d9 903{
55414b25
JH
904int sep = *separator;
905const uschar *s = *listptr;
ec95d1a6 906BOOL sep_is_special;
059ec3d9
PH
907
908if (s == NULL) return NULL;
ec95d1a6
PH
909
910/* This allows for a fixed specified separator to be an iscntrl() character,
911but at the time of implementation, this is never the case. However, it's best
912to be conservative. */
913
914while (isspace(*s) && *s != sep) s++;
915
916/* A change of separator is permitted, so look for a leading '<' followed by an
917allowed character. */
059ec3d9
PH
918
919if (sep <= 0)
920 {
ec95d1a6 921 if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1])))
059ec3d9
PH
922 {
923 sep = s[1];
b72f857f 924 if (*++s) ++s;
ec95d1a6 925 while (isspace(*s) && *s != sep) s++;
059ec3d9
PH
926 }
927 else
928 {
929 sep = (sep == 0)? ':' : -sep;
930 }
931 *separator = sep;
932 }
933
ec95d1a6
PH
934/* An empty string has no list elements */
935
059ec3d9
PH
936if (*s == 0) return NULL;
937
ec95d1a6
PH
938/* Note whether whether or not the separator is an iscntrl() character. */
939
940sep_is_special = iscntrl(sep);
941
059ec3d9
PH
942/* Handle the case when a buffer is provided. */
943
617d3932 944if (buffer)
059ec3d9 945 {
d4ff61d1 946 int p = 0;
059ec3d9
PH
947 for (; *s != 0; s++)
948 {
ec95d1a6 949 if (*s == sep && (*(++s) != sep || sep_is_special)) break;
059ec3d9
PH
950 if (p < buflen - 1) buffer[p++] = *s;
951 }
952 while (p > 0 && isspace(buffer[p-1])) p--;
953 buffer[p] = 0;
954 }
955
956/* Handle the case when a buffer is not provided. */
957
958else
959 {
55414b25 960 const uschar *ss;
acec9514 961 gstring * g = NULL;
ec95d1a6 962
059ec3d9 963 /* We know that *s != 0 at this point. However, it might be pointing to a
ec95d1a6
PH
964 separator, which could indicate an empty string, or (if an ispunct()
965 character) could be doubled to indicate a separator character as data at the
966 start of a string. Avoid getting working memory for an empty item. */
059ec3d9
PH
967
968 if (*s == sep)
969 {
970 s++;
ec95d1a6
PH
971 if (*s != sep || sep_is_special)
972 {
973 *listptr = s;
974 return string_copy(US"");
975 }
059ec3d9
PH
976 }
977
ec95d1a6
PH
978 /* Not an empty string; the first character is guaranteed to be a data
979 character. */
980
981 for (;;)
059ec3d9 982 {
acec9514
JH
983 for (ss = s + 1; *ss != 0 && *ss != sep; ss++) ;
984 g = string_catn(g, s, ss-s);
ec95d1a6
PH
985 s = ss;
986 if (*s == 0 || *(++s) != sep || sep_is_special) break;
059ec3d9 987 }
acec9514
JH
988 while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--;
989 buffer = string_from_gstring(g);
617d3932 990 gstring_reset_unused(g);
059ec3d9
PH
991 }
992
993/* Update the current pointer and return the new string */
994
995*listptr = s;
996return buffer;
997}
059ec3d9
PH
998
999
4226691b
JH
1000static const uschar *
1001Ustrnchr(const uschar * s, int c, unsigned * len)
1002{
1003unsigned siz = *len;
1004while (siz)
1005 {
1006 if (!*s) return NULL;
1007 if (*s == c)
1008 {
1009 *len = siz;
1010 return s;
1011 }
1012 s++;
1013 siz--;
1014 }
1015return NULL;
1016}
1017
1018
76146973 1019/************************************************
1d9ddac9 1020* Add element to separated list *
76146973 1021************************************************/
4226691b
JH
1022/* This function is used to build a list, returning an allocated null-terminated
1023growable string. The given element has any embedded separator characters
76146973
JH
1024doubled.
1025
4226691b
JH
1026Despite having the same growable-string interface as string_cat() the list is
1027always returned null-terminated.
1028
76146973 1029Arguments:
acec9514 1030 list expanding-string for the list that is being built, or NULL
76146973 1031 if this is a new list that has no contents yet
4c04137d
JS
1032 sep list separator character
1033 ele new element to be appended to the list
76146973
JH
1034
1035Returns: pointer to the start of the list, changed if copied for expansion.
1036*/
1037
acec9514
JH
1038gstring *
1039string_append_listele(gstring * list, uschar sep, const uschar * ele)
76146973 1040{
76146973
JH
1041uschar * sp;
1042
acec9514
JH
1043if (list && list->ptr)
1044 list = string_catn(list, &sep, 1);
76146973 1045
e3dd1d67 1046while((sp = Ustrchr(ele, sep)))
76146973 1047 {
acec9514
JH
1048 list = string_catn(list, ele, sp-ele+1);
1049 list = string_catn(list, &sep, 1);
76146973
JH
1050 ele = sp+1;
1051 }
acec9514
JH
1052list = string_cat(list, ele);
1053(void) string_from_gstring(list);
4226691b 1054return list;
76146973 1055}
00ba27c5
JH
1056
1057
acec9514
JH
1058gstring *
1059string_append_listele_n(gstring * list, uschar sep, const uschar * ele,
1060 unsigned len)
00ba27c5 1061{
00ba27c5
JH
1062const uschar * sp;
1063
acec9514
JH
1064if (list && list->ptr)
1065 list = string_catn(list, &sep, 1);
00ba27c5
JH
1066
1067while((sp = Ustrnchr(ele, sep, &len)))
1068 {
acec9514
JH
1069 list = string_catn(list, ele, sp-ele+1);
1070 list = string_catn(list, &sep, 1);
00ba27c5
JH
1071 ele = sp+1;
1072 len--;
1073 }
acec9514
JH
1074list = string_catn(list, ele, len);
1075(void) string_from_gstring(list);
4226691b 1076return list;
00ba27c5 1077}
76146973
JH
1078
1079
059ec3d9 1080
bce15b62
JH
1081/* A slightly-bogus listmaker utility; the separator is a string so
1082can be multiple chars - there is no checking for the element content
1083containing any of the separator. */
1084
1085gstring *
1086string_append2_listele_n(gstring * list, const uschar * sepstr,
1087 const uschar * ele, unsigned len)
1088{
bce15b62
JH
1089if (list && list->ptr)
1090 list = string_cat(list, sepstr);
1091
1092list = string_catn(list, ele, len);
1093(void) string_from_gstring(list);
1094return list;
1095}
1096
1097
1098
acec9514
JH
1099/************************************************/
1100/* Create a growable-string with some preassigned space */
1101
1102gstring *
1103string_get(unsigned size)
1104{
1105gstring * g = store_get(sizeof(gstring) + size);
1106g->size = size;
1107g->ptr = 0;
1108g->s = US(g + 1);
1109return g;
1110}
1111
1112/* NUL-terminate the C string in the growable-string, and return it. */
1113
1114uschar *
1115string_from_gstring(gstring * g)
1116{
1117if (!g) return NULL;
1118g->s[g->ptr] = '\0';
1119return g->s;
1120}
1121
617d3932
JH
1122void
1123gstring_reset_unused(gstring * g)
1124{
1125store_reset(g->s + (g->size = g->ptr + 1));
1126}
1127
059ec3d9 1128
d12746bc
JH
1129/* Add more space to a growable-string.
1130
1131Arguments:
1132 g the growable-string
938593e9
JH
1133 p current end of data
1134 count amount to grow by
1135*/
1136
1137static void
acec9514
JH
1138gstring_grow(gstring * g, int p, int count)
1139{
1140int oldsize = g->size;
1141
1142/* Mostly, string_cat() is used to build small strings of a few hundred
1143characters at most. There are times, however, when the strings are very much
1144longer (for example, a lookup that returns a vast number of alias addresses).
1145To try to keep things reasonable, we use increments whose size depends on the
1146existing length of the string. */
1147
1148unsigned inc = oldsize < 4096 ? 127 : 1023;
1149g->size = ((p + count + inc) & ~inc) + 1;
1150
1151/* Try to extend an existing allocation. If the result of calling
1152store_extend() is false, either there isn't room in the current memory block,
1153or this string is not the top item on the dynamic store stack. We then have
1154to get a new chunk of store and copy the old string. When building large
1155strings, it is helpful to call store_release() on the old string, to release
1156memory blocks that have become empty. (The block will be freed if the string
1157is at its start.) However, we can do this only if we know that the old string
1158was the last item on the dynamic memory stack. This is the case if it matches
1159store_last_get. */
1160
1161if (!store_extend(g->s, oldsize, g->size))
459fca58 1162 g->s = store_newblock(g->s, g->size, p);
acec9514
JH
1163}
1164
1165
1166
d12746bc
JH
1167/*************************************************
1168* Add chars to string *
1169*************************************************/
059ec3d9
PH
1170/* This function is used when building up strings of unknown length. Room is
1171always left for a terminating zero to be added to the string that is being
1172built. This function does not require the string that is being added to be NUL
1173terminated, because the number of characters to add is given explicitly. It is
1174sometimes called to extract parts of other strings.
1175
1176Arguments:
1177 string points to the start of the string that is being built, or NULL
1178 if this is a new string that has no contents yet
059ec3d9
PH
1179 s points to characters to add
1180 count count of characters to add; must not exceed the length of s, if s
42055a33 1181 is a C string.
059ec3d9 1182
059ec3d9
PH
1183Returns: pointer to the start of the string, changed if copied for expansion.
1184 Note that a NUL is not added, though space is left for one. This is
1185 because string_cat() is often called multiple times to build up a
1186 string - there's no point adding the NUL till the end.
a1b8a755 1187
059ec3d9 1188*/
96f5fe4c 1189/* coverity[+alloc] */
059ec3d9 1190
acec9514
JH
1191gstring *
1192string_catn(gstring * g, const uschar *s, int count)
059ec3d9 1193{
acec9514 1194int p;
059ec3d9 1195
acec9514 1196if (!g)
059ec3d9 1197 {
acec9514
JH
1198 unsigned inc = count < 4096 ? 127 : 1023;
1199 unsigned size = ((count + inc) & ~inc) + 1;
1200 g = string_get(size);
059ec3d9
PH
1201 }
1202
acec9514
JH
1203p = g->ptr;
1204if (p + count >= g->size)
1205 gstring_grow(g, p, count);
1206
059ec3d9
PH
1207/* Because we always specify the exact number of characters to copy, we can
1208use memcpy(), which is likely to be more efficient than strncopy() because the
acec9514 1209latter has to check for zero bytes. */
059ec3d9 1210
acec9514
JH
1211memcpy(g->s + p, s, count);
1212g->ptr = p + count;
1213return g;
059ec3d9 1214}
acec9514
JH
1215
1216
1217gstring *
1218string_cat(gstring *string, const uschar *s)
c2f669a4 1219{
acec9514 1220return string_catn(string, s, Ustrlen(s));
c2f669a4 1221}
059ec3d9
PH
1222
1223
1224
059ec3d9
PH
1225/*************************************************
1226* Append strings to another string *
1227*************************************************/
1228
1229/* This function can be used to build a string from many other strings.
1230It calls string_cat() to do the dirty work.
1231
1232Arguments:
acec9514 1233 string expanding-string that is being built, or NULL
059ec3d9 1234 if this is a new string that has no contents yet
059ec3d9
PH
1235 count the number of strings to append
1236 ... "count" uschar* arguments, which must be valid zero-terminated
1237 C strings
1238
1239Returns: pointer to the start of the string, changed if copied for expansion.
1240 The string is not zero-terminated - see string_cat() above.
1241*/
1242
acec9514
JH
1243__inline__ gstring *
1244string_append(gstring *string, int count, ...)
059ec3d9
PH
1245{
1246va_list ap;
059ec3d9
PH
1247
1248va_start(ap, count);
acec9514 1249while (count-- > 0)
059ec3d9
PH
1250 {
1251 uschar *t = va_arg(ap, uschar *);
acec9514 1252 string = string_cat(string, t);
059ec3d9
PH
1253 }
1254va_end(ap);
1255
1256return string;
1257}
1258#endif
1259
1260
1261
1262/*************************************************
1263* Format a string with length checks *
1264*************************************************/
1265
1266/* This function is used to format a string with checking of the length of the
1267output for all conversions. It protects Exim from absent-mindedness when
1268calling functions like debug_printf and string_sprintf, and elsewhere. There
1269are two different entry points to what is actually the same function, depending
1270on whether the variable length list of data arguments are given explicitly or
1271as a va_list item.
1272
1273The formats are the usual printf() ones, with some omissions (never used) and
c0b9d3e8 1274three additions for strings: %S forces lower case, %T forces upper case, and
acec9514 1275%#s or %#S prints nothing for a NULL string. Without the # "NULL" is printed
c0b9d3e8
JH
1276(useful in debugging). There is also the addition of %D and %M, which insert
1277the date in the form used for datestamped log files.
059ec3d9
PH
1278
1279Arguments:
1280 buffer a buffer in which to put the formatted string
1281 buflen the length of the buffer
1282 format the format string - deliberately char * and not uschar *
1283 ... or ap variable list of supplementary arguments
1284
1285Returns: TRUE if the result fitted in the buffer
1286*/
1287
1288BOOL
d12746bc 1289string_format(uschar * buffer, int buflen, const char * format, ...)
059ec3d9 1290{
d12746bc 1291gstring g = { .size = buflen, .ptr = 0, .s = buffer }, *gp;
059ec3d9
PH
1292va_list ap;
1293va_start(ap, format);
d12746bc 1294gp = string_vformat(&g, FALSE, format, ap);
059ec3d9 1295va_end(ap);
d12746bc
JH
1296g.s[g.ptr] = '\0';
1297return !!gp;
059ec3d9
PH
1298}
1299
1300
d12746bc
JH
1301
1302
1303
1304/* Bulid or append to a growing-string, sprintf-style.
1305
1306If the "extend" argument is true, the string passed in can be NULL,
1307empty, or non-empty.
1308
1309If the "extend" argument is false, the string passed in may not be NULL,
1310will not be grown, and is usable in the original place after return.
1311The return value can be NULL to signify overflow.
1312
1313Returns the possibly-new (if copy for growth was needed) string,
1314not nul-terminated.
1315*/
1316
1317gstring *
1318string_vformat(gstring * g, BOOL extend, const char *format, va_list ap)
059ec3d9 1319{
d12746bc
JH
1320enum ltypes { L_NORMAL=1, L_SHORT=2, L_LONG=3, L_LONGLONG=4, L_LONGDOUBLE=5, L_SIZE=6 };
1321
1322int width, precision, off, lim;
1323const char * fp = format; /* Deliberately not unsigned */
b1c749bb 1324
d12746bc
JH
1325string_datestamp_offset = -1; /* Datestamp not inserted */
1326string_datestamp_length = 0; /* Datestamp not inserted */
1327string_datestamp_type = 0; /* Datestamp not inserted */
059ec3d9 1328
d12746bc
JH
1329#ifdef COMPILE_UTILITY
1330assert(!extend);
1331assert(g);
1332#else
1333
1334/* Ensure we have a string, to save on checking later */
1335if (!g) g = string_get(16);
1336#endif /*!COMPILE_UTILITY*/
1337
1338lim = g->size - 1; /* leave one for a nul */
1339off = g->ptr; /* remember initial offset in gstring */
059ec3d9
PH
1340
1341/* Scan the format and handle the insertions */
1342
d12746bc 1343while (*fp)
059ec3d9 1344 {
b1c749bb 1345 int length = L_NORMAL;
059ec3d9
PH
1346 int *nptr;
1347 int slen;
d12746bc
JH
1348 const char *null = "NULL"; /* ) These variables */
1349 const char *item_start, *s; /* ) are deliberately */
1350 char newformat[16]; /* ) not unsigned */
1351 char * gp = CS g->s + g->ptr; /* ) */
059ec3d9
PH
1352
1353 /* Non-% characters just get copied verbatim */
1354
1355 if (*fp != '%')
1356 {
d12746bc
JH
1357 /* Avoid string_copyn() due to COMPILE_UTILITY */
1358 if (g->ptr >= lim - 1)
1100a343
JH
1359 {
1360 if (!extend) return NULL;
1361 gstring_grow(g, g->ptr, 1);
1362 lim = g->size - 1;
1363 }
d12746bc 1364 g->s[g->ptr++] = (uschar) *fp++;
059ec3d9
PH
1365 continue;
1366 }
1367
1368 /* Deal with % characters. Pick off the width and precision, for checking
1369 strings, skipping over the flag and modifier characters. */
1370
1371 item_start = fp;
1372 width = precision = -1;
1373
1374 if (strchr("-+ #0", *(++fp)) != NULL)
1375 {
1376 if (*fp == '#') null = "";
1377 fp++;
1378 }
1379
1380 if (isdigit((uschar)*fp))
1381 {
1382 width = *fp++ - '0';
1383 while (isdigit((uschar)*fp)) width = width * 10 + *fp++ - '0';
1384 }
1385 else if (*fp == '*')
1386 {
1387 width = va_arg(ap, int);
1388 fp++;
1389 }
1390
1391 if (*fp == '.')
059ec3d9
PH
1392 if (*(++fp) == '*')
1393 {
1394 precision = va_arg(ap, int);
1395 fp++;
1396 }
1397 else
d12746bc
JH
1398 for (precision = 0; isdigit((uschar)*fp); fp++)
1399 precision = precision*10 + *fp - '0';
059ec3d9 1400
91a246f6 1401 /* Skip over 'h', 'L', 'l', 'll' and 'z', remembering the item length */
b1c749bb
PH
1402
1403 if (*fp == 'h')
1404 { fp++; length = L_SHORT; }
1405 else if (*fp == 'L')
1406 { fp++; length = L_LONGDOUBLE; }
1407 else if (*fp == 'l')
b1c749bb 1408 if (fp[1] == 'l')
d12746bc 1409 { fp += 2; length = L_LONGLONG; }
b1c749bb 1410 else
d12746bc 1411 { fp++; length = L_LONG; }
91a246f6
PP
1412 else if (*fp == 'z')
1413 { fp++; length = L_SIZE; }
059ec3d9
PH
1414
1415 /* Handle each specific format type. */
1416
1417 switch (*fp++)
1418 {
1419 case 'n':
d12746bc
JH
1420 nptr = va_arg(ap, int *);
1421 *nptr = g->ptr - off;
1422 break;
059ec3d9
PH
1423
1424 case 'd':
1425 case 'o':
1426 case 'u':
1427 case 'x':
1428 case 'X':
d12746bc
JH
1429 width = length > L_LONG ? 24 : 12;
1430 if (g->ptr >= lim - width)
1100a343
JH
1431 {
1432 if (!extend) return NULL;
1433 gstring_grow(g, g->ptr, width);
1434 lim = g->size - 1;
1435 gp = CS g->s + g->ptr;
1436 }
d12746bc
JH
1437 strncpy(newformat, item_start, fp - item_start);
1438 newformat[fp - item_start] = 0;
b1c749bb 1439
d12746bc
JH
1440 /* Short int is promoted to int when passing through ..., so we must use
1441 int for va_arg(). */
b1c749bb 1442
d12746bc
JH
1443 switch(length)
1444 {
1445 case L_SHORT:
1446 case L_NORMAL:
1447 g->ptr += sprintf(gp, newformat, va_arg(ap, int)); break;
1448 case L_LONG:
1449 g->ptr += sprintf(gp, newformat, va_arg(ap, long int)); break;
1450 case L_LONGLONG:
1451 g->ptr += sprintf(gp, newformat, va_arg(ap, LONGLONG_T)); break;
1452 case L_SIZE:
1453 g->ptr += sprintf(gp, newformat, va_arg(ap, size_t)); break;
1454 }
1455 break;
059ec3d9
PH
1456
1457 case 'p':
2e8db779
JH
1458 {
1459 void * ptr;
d12746bc 1460 if (g->ptr >= lim - 24)
1100a343
JH
1461 {
1462 if (!extend) return NULL;
1463 gstring_grow(g, g->ptr, 24);
1464 lim = g->size - 1;
1465 gp = CS g->s + g->ptr;
1466 }
81f358da
JH
1467 /* sprintf() saying "(nil)" for a null pointer seems unreliable.
1468 Handle it explicitly. */
2e8db779
JH
1469 if ((ptr = va_arg(ap, void *)))
1470 {
1471 strncpy(newformat, item_start, fp - item_start);
1472 newformat[fp - item_start] = 0;
d12746bc 1473 g->ptr += sprintf(gp, newformat, ptr);
2e8db779
JH
1474 }
1475 else
d12746bc 1476 g->ptr += sprintf(gp, "(nil)");
2e8db779 1477 }
059ec3d9
PH
1478 break;
1479
1480 /* %f format is inherently insecure if the numbers that it may be
870f6ba8
TF
1481 handed are unknown (e.g. 1e300). However, in Exim, %f is used for
1482 printing load averages, and these are actually stored as integers
1483 (load average * 1000) so the size of the numbers is constrained.
1484 It is also used for formatting sending rates, where the simplicity
1485 of the format prevents overflow. */
059ec3d9
PH
1486
1487 case 'f':
1488 case 'e':
1489 case 'E':
1490 case 'g':
1491 case 'G':
d12746bc
JH
1492 if (precision < 0) precision = 6;
1493 if (g->ptr >= lim - precision - 8)
1100a343
JH
1494 {
1495 if (!extend) return NULL;
1496 gstring_grow(g, g->ptr, precision+8);
1497 lim = g->size - 1;
1498 gp = CS g->s + g->ptr;
1499 }
d12746bc
JH
1500 strncpy(newformat, item_start, fp - item_start);
1501 newformat[fp-item_start] = 0;
1502 if (length == L_LONGDOUBLE)
1503 g->ptr += sprintf(gp, newformat, va_arg(ap, long double));
1504 else
1505 g->ptr += sprintf(gp, newformat, va_arg(ap, double));
1506 break;
059ec3d9
PH
1507
1508 /* String types */
1509
1510 case '%':
d12746bc 1511 if (g->ptr >= lim - 1)
1100a343
JH
1512 {
1513 if (!extend) return NULL;
1514 gstring_grow(g, g->ptr, 1);
1515 lim = g->size - 1;
1516 }
d12746bc
JH
1517 g->s[g->ptr++] = (uschar) '%';
1518 break;
059ec3d9
PH
1519
1520 case 'c':
d12746bc 1521 if (g->ptr >= lim - 1)
1100a343
JH
1522 {
1523 if (!extend) return NULL;
1524 gstring_grow(g, g->ptr, 1);
1525 lim = g->size - 1;
1526 }
d12746bc
JH
1527 g->s[g->ptr++] = (uschar) va_arg(ap, int);
1528 break;
059ec3d9 1529
f1e5fef5 1530 case 'D': /* Insert daily datestamp for log file names */
d12746bc
JH
1531 s = CS tod_stamp(tod_log_datestamp_daily);
1532 string_datestamp_offset = g->ptr; /* Passed back via global */
1533 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1534 string_datestamp_type = tod_log_datestamp_daily;
1535 slen = string_datestamp_length;
1536 goto INSERT_STRING;
f1e5fef5
PP
1537
1538 case 'M': /* Insert monthly datestamp for log file names */
d12746bc
JH
1539 s = CS tod_stamp(tod_log_datestamp_monthly);
1540 string_datestamp_offset = g->ptr; /* Passed back via global */
1541 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1542 string_datestamp_type = tod_log_datestamp_monthly;
1543 slen = string_datestamp_length;
1544 goto INSERT_STRING;
059ec3d9
PH
1545
1546 case 's':
1547 case 'S': /* Forces *lower* case */
c0b9d3e8 1548 case 'T': /* Forces *upper* case */
d12746bc 1549 s = va_arg(ap, char *);
059ec3d9 1550
d12746bc
JH
1551 if (!s) s = null;
1552 slen = Ustrlen(s);
059ec3d9 1553
f1e5fef5
PP
1554 INSERT_STRING: /* Come to from %D or %M above */
1555
059ec3d9 1556 {
d12746bc 1557 BOOL truncated = FALSE;
059ec3d9 1558
d12746bc
JH
1559 /* If the width is specified, check that there is a precision
1560 set; if not, set it to the width to prevent overruns of long
1561 strings. */
059ec3d9 1562
d12746bc
JH
1563 if (width >= 0)
1564 {
1565 if (precision < 0) precision = width;
1566 }
059ec3d9 1567
d12746bc
JH
1568 /* If a width is not specified and the precision is specified, set
1569 the width to the precision, or the string length if shorted. */
059ec3d9 1570
d12746bc
JH
1571 else if (precision >= 0)
1572 width = precision < slen ? precision : slen;
059ec3d9 1573
d12746bc 1574 /* If neither are specified, set them both to the string length. */
059ec3d9 1575
d12746bc
JH
1576 else
1577 width = precision = slen;
1578
1579 if (!extend)
1580 {
1581 if (g->ptr == lim) return NULL;
1582 if (g->ptr >= lim - width)
1583 {
1584 truncated = TRUE;
1585 width = precision = lim - g->ptr - 1;
1586 if (width < 0) width = 0;
1587 if (precision < 0) precision = 0;
1588 }
1589 }
1590 else if (g->ptr >= lim - width)
1100a343
JH
1591 {
1592 gstring_grow(g, g->ptr, width - (lim - g->ptr));
1593 lim = g->size - 1;
1594 gp = CS g->s + g->ptr;
1595 }
d12746bc
JH
1596
1597 g->ptr += sprintf(gp, "%*.*s", width, precision, s);
1598 if (fp[-1] == 'S')
1599 while (*gp) { *gp = tolower(*gp); gp++; }
1600 else if (fp[-1] == 'T')
1601 while (*gp) { *gp = toupper(*gp); gp++; }
1602
1603 if (truncated) return NULL;
1604 break;
059ec3d9 1605 }
059ec3d9
PH
1606
1607 /* Some things are never used in Exim; also catches junk. */
1608
1609 default:
d12746bc
JH
1610 strncpy(newformat, item_start, fp - item_start);
1611 newformat[fp-item_start] = 0;
1612 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "string_format: unsupported type "
1613 "in \"%s\" in \"%s\"", newformat, format);
1614 break;
059ec3d9
PH
1615 }
1616 }
1617
d12746bc
JH
1618return g;
1619}
059ec3d9 1620
059ec3d9 1621
d12746bc
JH
1622
1623#ifndef COMPILE_UTILITY
1624
1625gstring *
1626string_fmt_append(gstring * g, const char *format, ...)
1627{
1628va_list ap;
1629va_start(ap, format);
1630g = string_vformat(g, TRUE, format, ap);
1631va_end(ap);
1632return g;
059ec3d9
PH
1633}
1634
1635
1636
059ec3d9
PH
1637/*************************************************
1638* Generate an "open failed" message *
1639*************************************************/
1640
1641/* This function creates a message after failure to open a file. It includes a
1642string supplied as data, adds the strerror() text, and if the failure was
1643"Permission denied", reads and includes the euid and egid.
1644
1645Arguments:
1646 eno the value of errno after the failure
1647 format a text format string - deliberately not uschar *
1648 ... arguments for the format string
1649
1650Returns: a message, in dynamic store
1651*/
1652
1653uschar *
1ba28e2b 1654string_open_failed(int eno, const char *format, ...)
059ec3d9
PH
1655{
1656va_list ap;
d12746bc 1657gstring * g = string_get(1024);
059ec3d9 1658
d12746bc 1659g = string_catn(g, US"failed to open ", 15);
059ec3d9
PH
1660
1661/* Use the checked formatting routine to ensure that the buffer
1662does not overflow. It should not, since this is called only for internally
1663specified messages. If it does, the message just gets truncated, and there
1664doesn't seem much we can do about that. */
1665
d12746bc
JH
1666va_start(ap, format);
1667(void) string_vformat(g, FALSE, format, ap);
1668string_from_gstring(g);
1669gstring_reset_unused(g);
cb570b5e 1670va_end(ap);
059ec3d9 1671
d12746bc
JH
1672return eno == EACCES
1673 ? string_sprintf("%s: %s (euid=%ld egid=%ld)", g->s, strerror(eno),
1674 (long int)geteuid(), (long int)getegid())
1675 : string_sprintf("%s: %s", g->s, strerror(eno));
059ec3d9
PH
1676}
1677#endif /* COMPILE_UTILITY */
1678
1679
1680
059ec3d9
PH
1681
1682
bc3c7bb7
HSHR
1683#ifndef COMPILE_UTILITY
1684/* qsort(3), currently used to sort the environment variables
1685for -bP environment output, needs a function to compare two pointers to string
1686pointers. Here it is. */
1687
1688int
84bbb4d8 1689string_compare_by_pointer(const void *a, const void *b)
bc3c7bb7 1690{
35a5627d 1691return Ustrcmp(* CUSS a, * CUSS b);
bc3c7bb7
HSHR
1692}
1693#endif /* COMPILE_UTILITY */
059ec3d9
PH
1694
1695
1696
d12746bc 1697
059ec3d9
PH
1698/*************************************************
1699**************************************************
1700* Stand-alone test program *
1701**************************************************
1702*************************************************/
1703
1704#ifdef STAND_ALONE
1705int main(void)
1706{
1707uschar buffer[256];
1708
1709printf("Testing is_ip_address\n");
1710
1711while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1712 {
1713 int offset;
1714 buffer[Ustrlen(buffer) - 1] = 0;
1715 printf("%d\n", string_is_ip_address(buffer, NULL));
1716 printf("%d %d %s\n", string_is_ip_address(buffer, &offset), offset, buffer);
1717 }
1718
1719printf("Testing string_nextinlist\n");
1720
1721while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1722 {
1723 uschar *list = buffer;
1724 uschar *lp1, *lp2;
1725 uschar item[256];
1726 int sep1 = 0;
1727 int sep2 = 0;
1728
1729 if (*list == '<')
1730 {
1731 sep1 = sep2 = list[1];
1732 list += 2;
1733 }
1734
1735 lp1 = lp2 = list;
1736 for (;;)
1737 {
1738 uschar *item1 = string_nextinlist(&lp1, &sep1, item, sizeof(item));
1739 uschar *item2 = string_nextinlist(&lp2, &sep2, NULL, 0);
1740
1741 if (item1 == NULL && item2 == NULL) break;
1742 if (item == NULL || item2 == NULL || Ustrcmp(item1, item2) != 0)
1743 {
1744 printf("***ERROR\nitem1=\"%s\"\nitem2=\"%s\"\n",
1745 (item1 == NULL)? "NULL" : CS item1,
1746 (item2 == NULL)? "NULL" : CS item2);
1747 break;
1748 }
1749 else printf(" \"%s\"\n", CS item1);
1750 }
1751 }
1752
1753/* This is a horrible lash-up, but it serves its purpose. */
1754
1755printf("Testing string_format\n");
1756
1757while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1758 {
1759 void *args[3];
ed72ace5 1760 long long llargs[3];
059ec3d9
PH
1761 double dargs[3];
1762 int dflag = 0;
ed72ace5 1763 int llflag = 0;
059ec3d9
PH
1764 int n = 0;
1765 int count;
1766 int countset = 0;
1767 uschar format[256];
1768 uschar outbuf[256];
1769 uschar *s;
1770 buffer[Ustrlen(buffer) - 1] = 0;
1771
1772 s = Ustrchr(buffer, ',');
1773 if (s == NULL) s = buffer + Ustrlen(buffer);
1774
1775 Ustrncpy(format, buffer, s - buffer);
1776 format[s-buffer] = 0;
1777
1778 if (*s == ',') s++;
1779
1780 while (*s != 0)
1781 {
1782 uschar *ss = s;
1783 s = Ustrchr(ss, ',');
1784 if (s == NULL) s = ss + Ustrlen(ss);
1785
1786 if (isdigit(*ss))
1787 {
1788 Ustrncpy(outbuf, ss, s-ss);
1789 if (Ustrchr(outbuf, '.') != NULL)
1790 {
1791 dflag = 1;
1792 dargs[n++] = Ustrtod(outbuf, NULL);
1793 }
ed72ace5
PH
1794 else if (Ustrstr(outbuf, "ll") != NULL)
1795 {
1796 llflag = 1;
1797 llargs[n++] = strtoull(CS outbuf, NULL, 10);
1798 }
059ec3d9
PH
1799 else
1800 {
1801 args[n++] = (void *)Uatoi(outbuf);
1802 }
1803 }
1804
1805 else if (Ustrcmp(ss, "*") == 0)
1806 {
1807 args[n++] = (void *)(&count);
1808 countset = 1;
1809 }
1810
1811 else
1812 {
1813 uschar *sss = malloc(s - ss + 1);
1814 Ustrncpy(sss, ss, s-ss);
1815 args[n++] = sss;
1816 }
1817
1818 if (*s == ',') s++;
1819 }
1820
ed72ace5
PH
1821 if (!dflag && !llflag)
1822 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1823 args[0], args[1], args[2])? "True" : "False");
1824
1825 else if (dflag)
1826 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1827 dargs[0], dargs[1], dargs[2])? "True" : "False");
059ec3d9
PH
1828
1829 else printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
ed72ace5 1830 llargs[0], llargs[1], llargs[2])? "True" : "False");
059ec3d9
PH
1831
1832 printf("%s\n", CS outbuf);
1833 if (countset) printf("count=%d\n", count);
1834 }
1835
1836return 0;
1837}
1838#endif
1839
1840/* End of string.c */