mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-09 09:27:59 +00:00
f081885bc0
misc.c has always contained a combination of things that are tied tightly into the PuTTY code base (e.g. they use the conf system, or work with our sockets abstraction) and things that are pure standalone utility functions like nullstrcmp() which could quite happily be dropped into any C program without causing a link failure. Now the latter kind of standalone utility code lives in the new source file utils.c, whose only external dependency is on memory.c (for snew, sfree etc), which in turn requires the user to provide an out_of_memory() function. So it should now be much easier to link test programs that use PuTTY's low-level functions without also pulling in half its bulky infrastructure. In the process, I came across a memory allocation logging system enabled by -DMALLOC_LOG that looks long since bit-rotted; in any case we have much more advanced tools for that kind of thing these days, like valgrind and Leak Sanitiser, so I've just removed it rather than trying to transplant it somewhere sensible. (We can always pull it back out of the version control history if really necessary, but I haven't used it in at least a decade.) The other slightly silly thing I did was to give bufchain a function pointer field that points to queue_idempotent_callback(), and disallow direct setting of the 'ic' field in favour of calling bufchain_set_callback which will fill that pointer in too. That allows the bufchain system to live in utils.c rather than misc.c, so that programs can use it without also having to link in the callback system or provide an annoying stub of that function. In fact that's just allowed me to remove stubs of that kind from PuTTYgen and Pageant!
331 lines
12 KiB
C
331 lines
12 KiB
C
/*
|
|
* Header for misc.c.
|
|
*/
|
|
|
|
#ifndef PUTTY_MISC_H
|
|
#define PUTTY_MISC_H
|
|
|
|
#include "defs.h"
|
|
#include "puttymem.h"
|
|
#include "marshal.h"
|
|
|
|
#include <stdio.h> /* for FILE * */
|
|
#include <stdarg.h> /* for va_list */
|
|
#include <stdlib.h> /* for abort */
|
|
#include <time.h> /* for struct tm */
|
|
#include <limits.h> /* for INT_MAX/MIN */
|
|
#include <assert.h> /* for assert (obviously) */
|
|
|
|
unsigned long parse_blocksize(const char *bs);
|
|
char ctrlparse(char *s, char **next);
|
|
|
|
size_t host_strcspn(const char *s, const char *set);
|
|
char *host_strchr(const char *s, int c);
|
|
char *host_strrchr(const char *s, int c);
|
|
char *host_strduptrim(const char *s);
|
|
|
|
char *dupstr(const char *s);
|
|
char *dupcat(const char *s1, ...);
|
|
char *dupprintf(const char *fmt, ...)
|
|
#ifdef __GNUC__
|
|
__attribute__ ((format (printf, 1, 2)))
|
|
#endif
|
|
;
|
|
char *dupvprintf(const char *fmt, va_list ap);
|
|
void burnstr(char *string);
|
|
|
|
struct strbuf {
|
|
char *s;
|
|
unsigned char *u;
|
|
int len;
|
|
BinarySink_IMPLEMENTATION;
|
|
/* (also there's a surrounding implementation struct in misc.c) */
|
|
};
|
|
strbuf *strbuf_new(void);
|
|
void strbuf_free(strbuf *buf);
|
|
void *strbuf_append(strbuf *buf, size_t len);
|
|
char *strbuf_to_str(strbuf *buf); /* does free buf, but you must free result */
|
|
void strbuf_catf(strbuf *buf, const char *fmt, ...);
|
|
void strbuf_catfv(strbuf *buf, const char *fmt, va_list ap);
|
|
|
|
strbuf *strbuf_new_for_agent_query(void);
|
|
void strbuf_finalise_agent_query(strbuf *buf);
|
|
|
|
/* String-to-Unicode converters that auto-allocate the destination and
|
|
* work around the rather deficient interface of mb_to_wc.
|
|
*
|
|
* These actually live in miscucs.c, not misc.c (the distinction being
|
|
* that the former is only linked into tools that also have the main
|
|
* Unicode support). */
|
|
wchar_t *dup_mb_to_wc_c(int codepage, int flags, const char *string, int len);
|
|
wchar_t *dup_mb_to_wc(int codepage, int flags, const char *string);
|
|
|
|
static inline int toint(unsigned u)
|
|
{
|
|
/*
|
|
* Convert an unsigned to an int, without running into the
|
|
* undefined behaviour which happens by the strict C standard if
|
|
* the value overflows. You'd hope that sensible compilers would
|
|
* do the sensible thing in response to a cast, but actually I
|
|
* don't trust modern compilers not to do silly things like
|
|
* assuming that _obviously_ you wouldn't have caused an overflow
|
|
* and so they can elide an 'if (i < 0)' test immediately after
|
|
* the cast.
|
|
*
|
|
* Sensible compilers ought of course to optimise this entire
|
|
* function into 'just return the input value', and since it's
|
|
* also declared inline, elide it completely in their output.
|
|
*/
|
|
if (u <= (unsigned)INT_MAX)
|
|
return (int)u;
|
|
else if (u >= (unsigned)INT_MIN) /* wrap in cast _to_ unsigned is OK */
|
|
return INT_MIN + (int)(u - (unsigned)INT_MIN);
|
|
else
|
|
return INT_MIN; /* fallback; should never occur on binary machines */
|
|
}
|
|
|
|
char *fgetline(FILE *fp);
|
|
char *chomp(char *str);
|
|
bool strstartswith(const char *s, const char *t);
|
|
bool strendswith(const char *s, const char *t);
|
|
|
|
void base64_encode_atom(const unsigned char *data, int n, char *out);
|
|
int base64_decode_atom(const char *atom, unsigned char *out);
|
|
|
|
struct bufchain_granule;
|
|
struct bufchain_tag {
|
|
struct bufchain_granule *head, *tail;
|
|
int buffersize; /* current amount of buffered data */
|
|
|
|
void (*queue_idempotent_callback)(IdempotentCallback *ic);
|
|
IdempotentCallback *ic;
|
|
};
|
|
|
|
void bufchain_init(bufchain *ch);
|
|
void bufchain_clear(bufchain *ch);
|
|
int bufchain_size(bufchain *ch);
|
|
void bufchain_add(bufchain *ch, const void *data, int len);
|
|
void bufchain_prefix(bufchain *ch, void **data, int *len);
|
|
void bufchain_consume(bufchain *ch, int len);
|
|
void bufchain_fetch(bufchain *ch, void *data, int len);
|
|
void bufchain_fetch_consume(bufchain *ch, void *data, int len);
|
|
bool bufchain_try_fetch_consume(bufchain *ch, void *data, int len);
|
|
int bufchain_fetch_consume_up_to(bufchain *ch, void *data, int len);
|
|
void bufchain_set_callback_inner(
|
|
bufchain *ch, IdempotentCallback *ic,
|
|
void (*queue_idempotent_callback)(IdempotentCallback *ic));
|
|
static inline void bufchain_set_callback(bufchain *ch, IdempotentCallback *ic)
|
|
{
|
|
extern void queue_idempotent_callback(struct IdempotentCallback *ic);
|
|
/* Wrapper that puts in the standard queue_idempotent_callback
|
|
* function. Lives here rather than in utils.c so that standalone
|
|
* programs can use the bufchain facility without this optional
|
|
* callback feature and not need to provide a stub of
|
|
* queue_idempotent_callback. */
|
|
bufchain_set_callback_inner(ch, ic, queue_idempotent_callback);
|
|
}
|
|
|
|
void sanitise_term_data(bufchain *out, const void *vdata, int len);
|
|
|
|
bool validate_manual_hostkey(char *key);
|
|
|
|
struct tm ltime(void);
|
|
|
|
/*
|
|
* Special form of strcmp which can cope with NULL inputs. NULL is
|
|
* defined to sort before even the empty string.
|
|
*/
|
|
int nullstrcmp(const char *a, const char *b);
|
|
|
|
static inline ptrlen make_ptrlen(const void *ptr, size_t len)
|
|
{
|
|
ptrlen pl;
|
|
pl.ptr = ptr;
|
|
pl.len = len;
|
|
return pl;
|
|
}
|
|
|
|
static inline ptrlen ptrlen_from_asciz(const char *str)
|
|
{
|
|
return make_ptrlen(str, strlen(str));
|
|
}
|
|
|
|
static inline ptrlen ptrlen_from_strbuf(strbuf *sb)
|
|
{
|
|
return make_ptrlen(sb->u, sb->len);
|
|
}
|
|
|
|
bool ptrlen_eq_string(ptrlen pl, const char *str);
|
|
bool ptrlen_eq_ptrlen(ptrlen pl1, ptrlen pl2);
|
|
bool ptrlen_startswith(ptrlen whole, ptrlen prefix, ptrlen *tail);
|
|
char *mkstr(ptrlen pl);
|
|
int string_length_for_printf(size_t);
|
|
/* Derive two printf arguments from a ptrlen, suitable for "%.*s" */
|
|
#define PTRLEN_PRINTF(pl) \
|
|
string_length_for_printf((pl).len), (const char *)(pl).ptr
|
|
/* Make a ptrlen out of a compile-time string literal. We try to
|
|
* enforce that it _is_ a string literal by token-pasting "" on to it,
|
|
* which should provoke a compile error if it's any other kind of
|
|
* string. */
|
|
#define PTRLEN_LITERAL(stringlit) \
|
|
TYPECHECK("" stringlit "", make_ptrlen(stringlit, sizeof(stringlit)-1))
|
|
|
|
/* Wipe sensitive data out of memory that's about to be freed. Simpler
|
|
* than memset because we don't need the fill char parameter; also
|
|
* attempts (by fiddly use of volatile) to inhibit the compiler from
|
|
* over-cleverly trying to optimise the memset away because it knows
|
|
* the variable is going out of scope. */
|
|
void smemclr(void *b, size_t len);
|
|
|
|
/* Compare two fixed-length chunks of memory for equality, without
|
|
* data-dependent control flow (so an attacker with a very accurate
|
|
* stopwatch can't try to guess where the first mismatching byte was).
|
|
* Returns false for mismatch or true for equality (unlike memcmp),
|
|
* hinted at by the 'eq' in the name. */
|
|
bool smemeq(const void *av, const void *bv, size_t len);
|
|
|
|
char *buildinfo(const char *newline);
|
|
|
|
/*
|
|
* A function you can put at points in the code where execution should
|
|
* never reach in the first place. Better than assert(false), or even
|
|
* assert(false && "some explanatory message"), because some compilers
|
|
* don't interpret assert(false) as a declaration of unreachability,
|
|
* so they may still warn about pointless things like some variable
|
|
* not being initialised on the unreachable code path.
|
|
*
|
|
* I follow the assertion with a call to abort() just in case someone
|
|
* compiles with -DNDEBUG, and I wrap that abort inside my own
|
|
* function labelled NORETURN just in case some unusual kind of system
|
|
* header wasn't foresighted enough to label abort() itself that way.
|
|
*/
|
|
static inline NORETURN void unreachable_internal(void) { abort(); }
|
|
#define unreachable(msg) (assert(false && msg), unreachable_internal())
|
|
|
|
/*
|
|
* Debugging functions.
|
|
*
|
|
* Output goes to debug.log
|
|
*
|
|
* debug() is like printf().
|
|
*
|
|
* dmemdump() and dmemdumpl() both do memory dumps. The difference
|
|
* is that dmemdumpl() is more suited for when the memory address is
|
|
* important (say because you'll be recording pointer values later
|
|
* on). dmemdump() is more concise.
|
|
*/
|
|
|
|
#ifdef DEBUG
|
|
void debug_printf(const char *fmt, ...);
|
|
void debug_memdump(const void *buf, int len, bool L);
|
|
#define debug(...) (debug_printf(__VA_ARGS__))
|
|
#define dmemdump(buf,len) debug_memdump (buf, len, false);
|
|
#define dmemdumpl(buf,len) debug_memdump (buf, len, true);
|
|
#else
|
|
#define debug(...)
|
|
#define dmemdump(buf,len)
|
|
#define dmemdumpl(buf,len)
|
|
#endif
|
|
|
|
#ifndef lenof
|
|
#define lenof(x) ( (sizeof((x))) / (sizeof(*(x))))
|
|
#endif
|
|
|
|
#ifndef min
|
|
#define min(x,y) ( (x) < (y) ? (x) : (y) )
|
|
#endif
|
|
#ifndef max
|
|
#define max(x,y) ( (x) > (y) ? (x) : (y) )
|
|
#endif
|
|
|
|
#define GET_64BIT_LSB_FIRST(cp) \
|
|
(((uint64_t)(unsigned char)(cp)[0]) | \
|
|
((uint64_t)(unsigned char)(cp)[1] << 8) | \
|
|
((uint64_t)(unsigned char)(cp)[2] << 16) | \
|
|
((uint64_t)(unsigned char)(cp)[3] << 24) | \
|
|
((uint64_t)(unsigned char)(cp)[4] << 32) | \
|
|
((uint64_t)(unsigned char)(cp)[5] << 40) | \
|
|
((uint64_t)(unsigned char)(cp)[6] << 48) | \
|
|
((uint64_t)(unsigned char)(cp)[7] << 56))
|
|
|
|
#define PUT_64BIT_LSB_FIRST(cp, value) ( \
|
|
(cp)[0] = (unsigned char)(value), \
|
|
(cp)[1] = (unsigned char)((value) >> 8), \
|
|
(cp)[2] = (unsigned char)((value) >> 16), \
|
|
(cp)[3] = (unsigned char)((value) >> 24), \
|
|
(cp)[4] = (unsigned char)((value) >> 32), \
|
|
(cp)[5] = (unsigned char)((value) >> 40), \
|
|
(cp)[6] = (unsigned char)((value) >> 48), \
|
|
(cp)[7] = (unsigned char)((value) >> 56) )
|
|
|
|
#define GET_32BIT_LSB_FIRST(cp) \
|
|
(((uint32_t)(unsigned char)(cp)[0]) | \
|
|
((uint32_t)(unsigned char)(cp)[1] << 8) | \
|
|
((uint32_t)(unsigned char)(cp)[2] << 16) | \
|
|
((uint32_t)(unsigned char)(cp)[3] << 24))
|
|
|
|
#define PUT_32BIT_LSB_FIRST(cp, value) ( \
|
|
(cp)[0] = (unsigned char)(value), \
|
|
(cp)[1] = (unsigned char)((value) >> 8), \
|
|
(cp)[2] = (unsigned char)((value) >> 16), \
|
|
(cp)[3] = (unsigned char)((value) >> 24) )
|
|
|
|
#define GET_16BIT_LSB_FIRST(cp) \
|
|
(((unsigned long)(unsigned char)(cp)[0]) | \
|
|
((unsigned long)(unsigned char)(cp)[1] << 8))
|
|
|
|
#define PUT_16BIT_LSB_FIRST(cp, value) ( \
|
|
(cp)[0] = (unsigned char)(value), \
|
|
(cp)[1] = (unsigned char)((value) >> 8) )
|
|
|
|
#define GET_32BIT_MSB_FIRST(cp) \
|
|
(((uint32_t)(unsigned char)(cp)[0] << 24) | \
|
|
((uint32_t)(unsigned char)(cp)[1] << 16) | \
|
|
((uint32_t)(unsigned char)(cp)[2] << 8) | \
|
|
((uint32_t)(unsigned char)(cp)[3]))
|
|
|
|
#define GET_32BIT(cp) GET_32BIT_MSB_FIRST(cp)
|
|
|
|
#define PUT_32BIT_MSB_FIRST(cp, value) ( \
|
|
(cp)[0] = (unsigned char)((value) >> 24), \
|
|
(cp)[1] = (unsigned char)((value) >> 16), \
|
|
(cp)[2] = (unsigned char)((value) >> 8), \
|
|
(cp)[3] = (unsigned char)(value) )
|
|
|
|
#define PUT_32BIT(cp, value) PUT_32BIT_MSB_FIRST(cp, value)
|
|
|
|
#define GET_64BIT_MSB_FIRST(cp) \
|
|
(((uint64_t)(unsigned char)(cp)[0] << 56) | \
|
|
((uint64_t)(unsigned char)(cp)[1] << 48) | \
|
|
((uint64_t)(unsigned char)(cp)[2] << 40) | \
|
|
((uint64_t)(unsigned char)(cp)[3] << 32) | \
|
|
((uint64_t)(unsigned char)(cp)[4] << 24) | \
|
|
((uint64_t)(unsigned char)(cp)[5] << 16) | \
|
|
((uint64_t)(unsigned char)(cp)[6] << 8) | \
|
|
((uint64_t)(unsigned char)(cp)[7]))
|
|
|
|
#define PUT_64BIT_MSB_FIRST(cp, value) ( \
|
|
(cp)[0] = (unsigned char)((value) >> 56), \
|
|
(cp)[1] = (unsigned char)((value) >> 48), \
|
|
(cp)[2] = (unsigned char)((value) >> 40), \
|
|
(cp)[3] = (unsigned char)((value) >> 32), \
|
|
(cp)[4] = (unsigned char)((value) >> 24), \
|
|
(cp)[5] = (unsigned char)((value) >> 16), \
|
|
(cp)[6] = (unsigned char)((value) >> 8), \
|
|
(cp)[7] = (unsigned char)(value) )
|
|
|
|
#define GET_16BIT_MSB_FIRST(cp) \
|
|
(((unsigned long)(unsigned char)(cp)[0] << 8) | \
|
|
((unsigned long)(unsigned char)(cp)[1]))
|
|
|
|
#define PUT_16BIT_MSB_FIRST(cp, value) ( \
|
|
(cp)[0] = (unsigned char)((value) >> 8), \
|
|
(cp)[1] = (unsigned char)(value) )
|
|
|
|
/* Replace NULL with the empty string, permitting an idiom in which we
|
|
* get a string (pointer,length) pair that might be NULL,0 and can
|
|
* then safely say things like printf("%.*s", length, NULLTOEMPTY(ptr)) */
|
|
#define NULLTOEMPTY(s) ((s)?(s):"")
|
|
|
|
#endif
|