summaryrefslogtreecommitdiff
path: root/lib/util
diff options
context:
space:
mode:
Diffstat (limited to 'lib/util')
-rw-r--r--lib/util/string_wrappers.h132
1 files changed, 132 insertions, 0 deletions
diff --git a/lib/util/string_wrappers.h b/lib/util/string_wrappers.h
new file mode 100644
index 0000000000..31d0a92252
--- /dev/null
+++ b/lib/util/string_wrappers.h
@@ -0,0 +1,132 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ string wrappers, for checking string sizes
+
+ Copyright (C) Andrew Tridgell 1994-2011
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _STRING_WRAPPERS_H
+#define _STRING_WRAPPERS_H
+
+/* We need a number of different prototypes for our
+ non-existant fuctions */
+char * __unsafe_string_function_usage_here__(void);
+
+size_t __unsafe_string_function_usage_here_size_t__(void);
+
+size_t __unsafe_string_function_usage_here_char__(void);
+
+#ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
+
+/* if the compiler will optimize out function calls, then use this to tell if we are
+ have the correct types (this works only where sizeof() returns the size of the buffer, not
+ the size of the pointer). */
+
+#define CHECK_STRING_SIZE(d, len) (sizeof(d) != (len) && sizeof(d) != sizeof(char *))
+
+#else /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */
+
+#endif /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */
+
+#define safe_strcpy_base(dest, src, base, size) \
+ safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1)
+
+/* String copy functions - macro hell below adds 'type checking' (limited,
+ but the best we can do in C) */
+
+#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
+#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
+#define nstrcpy(d,s) safe_strcpy((d), (s),sizeof(nstring)-1)
+#define unstrcpy(d,s) safe_strcpy((d), (s),sizeof(unstring)-1)
+
+/* the addition of the DEVELOPER checks in safe_strcpy means we must
+ * update a lot of code. To make this a little easier here are some
+ * functions that provide the lengths with less pain */
+
+/* overmalloc_safe_strcpy: DEPRECATED! Used when you know the
+ * destination buffer is longer than maxlength, but you don't know how
+ * long. This is not a good situation, because we can't do the normal
+ * sanity checks. Don't use in new code! */
+
+#define overmalloc_safe_strcpy(dest,src,maxlength) \
+ safe_strcpy_fn(dest,src,maxlength)
+
+#ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
+
+/* if the compiler will optimize out function calls, then use this to tell if we are
+ have the correct types (this works only where sizeof() returns the size of the buffer, not
+ the size of the pointer). */
+
+#define safe_strcpy(d, s, max_len) \
+ (CHECK_STRING_SIZE(d, max_len+1) \
+ ? __unsafe_string_function_usage_here__() \
+ : safe_strcpy_fn((d), (s), (max_len)))
+
+#define safe_strcat(d, s, max_len) \
+ (CHECK_STRING_SIZE(d, max_len+1) \
+ ? __unsafe_string_function_usage_here__() \
+ : safe_strcat_fn((d), (s), (max_len)))
+
+#define push_string_check(dest, src, dest_len, flags) \
+ (CHECK_STRING_SIZE(dest, dest_len) \
+ ? __unsafe_string_function_usage_here_size_t__() \
+ : push_string_check_fn(dest, src, dest_len, flags))
+
+#define pull_string_talloc(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) \
+ pull_string_talloc_fn(ctx, base_ptr, smb_flags2, dest, src, src_len, flags)
+
+#define clistr_push(cli, dest, src, dest_len, flags) \
+ (CHECK_STRING_SIZE(dest, dest_len) \
+ ? __unsafe_string_function_usage_here_size_t__() \
+ : clistr_push_fn(cli, dest, src, dest_len, flags))
+
+#define clistr_pull(inbuf, dest, src, dest_len, srclen, flags) \
+ (CHECK_STRING_SIZE(dest, dest_len) \
+ ? __unsafe_string_function_usage_here_size_t__() \
+ : clistr_pull_fn(inbuf, dest, src, dest_len, srclen, flags))
+
+#define srvstr_push(base_ptr, smb_flags2, dest, src, dest_len, flags) \
+ (CHECK_STRING_SIZE(dest, dest_len) \
+ ? __unsafe_string_function_usage_here_size_t__() \
+ : srvstr_push_fn(base_ptr, smb_flags2, dest, src, dest_len, flags))
+
+/* This allows the developer to choose to check the arguments to
+ strlcpy. if the compiler will optimize out function calls, then
+ use this to tell if we are have the correct size buffer (this works only
+ where sizeof() returns the size of the buffer, not the size of the
+ pointer), so stack and static variables only */
+
+#define checked_strlcpy(dest, src, size) \
+ (sizeof(dest) != (size) \
+ ? __unsafe_string_function_usage_here_size_t__() \
+ : strlcpy(dest, src, size))
+
+#else
+
+#define safe_strcpy safe_strcpy_fn
+#define safe_strcat safe_strcat_fn
+#define push_string_check push_string_check_fn
+#define pull_string_talloc pull_string_talloc_fn
+#define clistr_push clistr_push_fn
+#define clistr_pull clistr_pull_fn
+#define srvstr_push srvstr_push_fn
+#define checked_strlcpy strlcpy
+
+#endif
+
+#endif