-/* -*- mode: C; c-file-style: "gnu" -*- */
-/* dbus-string.c String utility class (internal to D-BUS implementation)
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
+/* dbus-string.c String utility class (internal to D-Bus implementation)
*
* Copyright (C) 2002, 2003, 2004, 2005 Red Hat, Inc.
+ * Copyright (C) 2006 Ralf Habacker <ralf.habacker@freenet.de>
*
* Licensed under the Academic Free License version 2.1
*
#include "dbus-sysdeps.h"
/**
- * @defgroup DBusString string class
+ * @defgroup DBusString DBusString class
* @ingroup DBusInternals
- * @brief DBusString data structure
+ * @brief DBusString data structure for safer string handling
*
* Types and functions related to DBusString. DBusString is intended
* to be a string class that makes it hard to mess up security issues
static void
fixup_alignment (DBusRealString *real)
{
- char *aligned;
- char *real_block;
+ unsigned char *aligned;
+ unsigned char *real_block;
unsigned int old_align_offset;
/* we have to have extra space in real->allocated for the align offset and nul byte */
DBusRealString *real;
_dbus_assert (str != NULL);
- _dbus_assert (value != NULL);
+ _dbus_assert (len == 0 || value != NULL);
_dbus_assert (len <= _DBUS_STRING_MAX_MAX_LENGTH);
_dbus_assert (len >= 0);
real = (DBusRealString*) str;
- real->str = (char*) value;
+ real->str = (unsigned char*) value;
real->len = len;
real->allocated = real->len + _DBUS_STRING_ALLOCATION_PADDING; /* a lie, just to avoid special-case assertions... */
real->max_length = real->len + 1;
real->invalid = TRUE;
}
+static dbus_bool_t
+compact (DBusRealString *real,
+ int max_waste)
+{
+ unsigned char *new_str;
+ int new_allocated;
+ int waste;
+
+ waste = real->allocated - (real->len + _DBUS_STRING_ALLOCATION_PADDING);
+
+ if (waste <= max_waste)
+ return TRUE;
+
+ new_allocated = real->len + _DBUS_STRING_ALLOCATION_PADDING;
+
+ new_str = dbus_realloc (real->str - real->align_offset, new_allocated);
+ if (_DBUS_UNLIKELY (new_str == NULL))
+ return FALSE;
+
+ real->str = new_str + real->align_offset;
+ real->allocated = new_allocated;
+ fixup_alignment (real);
+
+ return TRUE;
+}
+
#ifdef DBUS_BUILD_TESTS
/* Not using this feature at the moment,
* so marked DBUS_BUILD_TESTS-only
* we know we won't change the string further
*/
#define MAX_WASTE 48
- if (real->allocated - MAX_WASTE > real->len)
- {
- char *new_str;
- int new_allocated;
-
- new_allocated = real->len + _DBUS_STRING_ALLOCATION_PADDING;
-
- new_str = dbus_realloc (real->str - real->align_offset,
- new_allocated);
- if (new_str != NULL)
- {
- real->str = new_str + real->align_offset;
- real->allocated = new_allocated;
- fixup_alignment (real);
- }
- }
+ compact (real, MAX_WASTE);
}
#endif /* DBUS_BUILD_TESTS */
int new_length)
{
int new_allocated;
- char *new_str;
+ unsigned char *new_str;
/* at least double our old allocation to avoid O(n), avoiding
* overflow
return TRUE;
}
+/**
+ * Compacts the string to avoid wasted memory. Wasted memory is
+ * memory that is allocated but not actually required to store the
+ * current length of the string. The compact is only done if more
+ * than the given amount of memory is being wasted (otherwise the
+ * waste is ignored and the call does nothing).
+ *
+ * @param str the string
+ * @param max_waste the maximum amount of waste to ignore
+ * @returns #FALSE if the compact failed due to realloc failure
+ */
+dbus_bool_t
+_dbus_string_compact (DBusString *str,
+ int max_waste)
+{
+ DBUS_STRING_PREAMBLE (str);
+
+ return compact (real, max_waste);
+}
+
static dbus_bool_t
set_length (DBusRealString *real,
int new_length)
{
DBUS_STRING_PREAMBLE (str);
- return real->str;
+ return (char*) real->str;
}
#endif /* _dbus_string_get_data */
{
DBUS_CONST_STRING_PREAMBLE (str);
- return real->str;
+ return (const char*) real->str;
}
#endif /* _dbus_string_get_const_data */
_dbus_assert (start <= real->len);
_dbus_assert (len <= real->len - start);
- return real->str + start;
+ return (char*) real->str + start;
}
/* only do the function if we don't have the macro */
_dbus_assert (start <= real->len);
_dbus_assert (len <= real->len - start);
- return real->str + start;
+ return (const char*) real->str + start;
}
#endif /* _dbus_string_get_const_data_len */
undo_alignment (real);
- *data_return = real->str;
+ *data_return = (char*) real->str;
old_max_length = real->max_length;
if (!_dbus_string_init (str))
{
/* hrm, put it back then */
- real->str = *data_return;
+ real->str = (unsigned char*) *data_return;
*data_return = NULL;
fixup_alignment (real);
return FALSE;
return TRUE;
}
+/**
+ * Copies the contents of a DBusString into a different
+ * buffer. The resulting buffer will be nul-terminated.
+ *
+ * @param str a string
+ * @param buffer a C buffer to copy data to
+ * @param avail_len maximum length of C buffer
+ */
+void
+_dbus_string_copy_to_buffer (const DBusString *str,
+ char *buffer,
+ int avail_len)
+{
+ int copy_len;
+ DBUS_CONST_STRING_PREAMBLE (str);
+
+ _dbus_assert (avail_len >= 0);
+
+ copy_len = MIN (avail_len, real->len+1);
+ memcpy (buffer, real->str, copy_len);
+ if (avail_len > 0 && avail_len == copy_len)
+ buffer[avail_len-1] = '\0';
+}
+
#ifdef DBUS_BUILD_TESTS
/**
* Copies a segment of the string into a char*
return append (real, buffer, buffer_len);
}
+/** assign 2 bytes from one string to another */
+#define ASSIGN_2_OCTETS(p, octets) \
+ *((dbus_uint16_t*)(p)) = *((dbus_uint16_t*)(octets));
/** assign 4 bytes from one string to another */
#define ASSIGN_4_OCTETS(p, octets) \
#endif /* DBUS_BUILD_TESTS */
/**
+ * Inserts 2 bytes aligned on a 2 byte boundary
+ * with any alignment padding initialized to 0.
+ *
+ * @param str the DBusString
+ * @param insert_at where to insert
+ * @param octets 2 bytes to insert
+ * @returns #FALSE if not enough memory.
+ */
+dbus_bool_t
+_dbus_string_insert_2_aligned (DBusString *str,
+ int insert_at,
+ const unsigned char octets[4])
+{
+ DBUS_STRING_PREAMBLE (str);
+
+ if (!align_insert_point_then_open_gap (str, &insert_at, 2, 2))
+ return FALSE;
+
+ ASSIGN_2_OCTETS (real->str + insert_at, octets);
+
+ return TRUE;
+}
+
+/**
* Inserts 4 bytes aligned on a 4 byte boundary
* with any alignment padding initialized to 0.
*
*
* @param str the DBusString
* @param insert_at location to be aligned
- * @param alignment alignment boundary (1, 4, or 8)
+ * @param alignment alignment boundary (1, 2, 4, or 8)
* @returns #FALSE if not enough memory.
*/
dbus_bool_t
va_list args)
{
int len;
- char c;
va_list args_copy;
DBUS_STRING_PREAMBLE (str);
DBUS_VA_COPY (args_copy, args);
/* Measure the message length without terminating nul */
- len = vsnprintf (&c, 1, format, args);
+ len = _dbus_printf_string_upper_bound (format, args);
if (!_dbus_string_lengthen (str, len))
{
return FALSE;
}
- vsprintf (real->str + (real->len - len),
+ vsprintf ((char*) (real->str + (real->len - len)),
format, args_copy);
va_end (args_copy);
int len;
int first;
int i;
- char *out;
+ unsigned char *out;
DBUS_STRING_PREAMBLE (str);
if (!open_gap (len, dest, insert_at))
return FALSE;
- memcpy (dest->str + insert_at,
- source->str + start,
- len);
+ memmove (dest->str + insert_at,
+ source->str + start,
+ len);
return TRUE;
}
}
/**
+ * Finds end of line ("\r\n" or "\n") in the string,
+ * returning #TRUE and filling in the byte index
+ * where the eol string was found, if it was found.
+ * Returns #FALSE if eol wasn't found.
+ *
+ * @param str the string
+ * @param start where to start looking
+ * @param found return location for where eol was found or string length otherwise
+ * @param found_len return length of found eol string or zero otherwise
+ * @returns #TRUE if found
+ */
+dbus_bool_t
+_dbus_string_find_eol (const DBusString *str,
+ int start,
+ int *found,
+ int *found_len)
+{
+ int i;
+
+ DBUS_CONST_STRING_PREAMBLE (str);
+ _dbus_assert (start <= real->len);
+ _dbus_assert (start >= 0);
+
+ i = start;
+ while (i < real->len)
+ {
+ if (real->str[i] == '\r')
+ {
+ if ((i+1) < real->len && real->str[i+1] == '\n') /* "\r\n" */
+ {
+ if (found)
+ *found = i;
+ if (found_len)
+ *found_len = 2;
+ return TRUE;
+ }
+ else /* only "\r" */
+ {
+ if (found)
+ *found = i;
+ if (found_len)
+ *found_len = 1;
+ return TRUE;
+ }
+ }
+ else if (real->str[i] == '\n') /* only "\n" */
+ {
+ if (found)
+ *found = i;
+ if (found_len)
+ *found_len = 1;
+ return TRUE;
+ }
+ ++i;
+ }
+
+ if (found)
+ *found = real->len;
+
+ if (found_len)
+ *found_len = 0;
+
+ return FALSE;
+}
+
+/**
* Finds the given substring in the string,
* up to a certain position,
* returning #TRUE and filling in the byte index
i = start;
while (i < real->len)
{
- if (!(real->str[i] == ' ' ||
- real->str[i] == '\t'))
+ if (!DBUS_IS_ASCII_BLANK (real->str[i]))
+ break;
+
+ ++i;
+ }
+
+ _dbus_assert (i == real->len || !DBUS_IS_ASCII_WHITE (real->str[i]));
+
+ if (end)
+ *end = i;
+}
+
+
+/**
+ * Skips whitespace from start, storing the first non-whitespace in *end.
+ * (whitespace is space, tab, newline, CR).
+ *
+ * @param str the string
+ * @param start where to start
+ * @param end where to store the first non-whitespace byte index
+ */
+void
+_dbus_string_skip_white (const DBusString *str,
+ int start,
+ int *end)
+{
+ int i;
+ DBUS_CONST_STRING_PREAMBLE (str);
+ _dbus_assert (start <= real->len);
+ _dbus_assert (start >= 0);
+
+ i = start;
+ while (i < real->len)
+ {
+ if (!DBUS_IS_ASCII_WHITE (real->str[i]))
break;
++i;
}
- _dbus_assert (i == real->len || !(real->str[i] == ' ' ||
- real->str[i] == '\t'));
+ _dbus_assert (i == real->len || !(DBUS_IS_ASCII_WHITE (real->str[i])));
if (end)
*end = i;
}
/**
+ * Skips whitespace from end, storing the start index of the trailing
+ * whitespace in *start. (whitespace is space, tab, newline, CR).
+ *
+ * @param str the string
+ * @param end where to start scanning backward
+ * @param start where to store the start of whitespace chars
+ */
+void
+_dbus_string_skip_white_reverse (const DBusString *str,
+ int end,
+ int *start)
+{
+ int i;
+ DBUS_CONST_STRING_PREAMBLE (str);
+ _dbus_assert (end <= real->len);
+ _dbus_assert (end >= 0);
+
+ i = end;
+ while (i > 0)
+ {
+ if (!DBUS_IS_ASCII_WHITE (real->str[i-1]))
+ break;
+ --i;
+ }
+
+ _dbus_assert (i >= 0 && (i == 0 || !(DBUS_IS_ASCII_WHITE (real->str[i-1]))));
+
+ if (start)
+ *start = i;
+}
+
+/**
* Assigns a newline-terminated or \\r\\n-terminated line from the front
* of the string to the given dest string. The dest string's previous
* contents are deleted. If the source string contains no newline,
* @todo owen correctly notes that this is a stupid function (it was
* written purely for test code,
* e.g. dbus-message-builder.c). Probably should be enforced as test
- * code only with #ifdef DBUS_BUILD_TESTS
+ * code only with ifdef DBUS_BUILD_TESTS
*
* @param source the source string
* @param dest the destination string (contents are replaced)
_dbus_string_pop_line (DBusString *source,
DBusString *dest)
{
- int eol;
- dbus_bool_t have_newline;
+ int eol, eol_len;
_dbus_string_set_length (dest, 0);
eol = 0;
- if (_dbus_string_find (source, 0, "\n", &eol))
- {
- have_newline = TRUE;
- eol += 1; /* include newline */
- }
- else
+ eol_len = 0;
+ if (!_dbus_string_find_eol (source, 0, &eol, &eol_len))
{
- eol = _dbus_string_get_length (source);
- have_newline = FALSE;
+ _dbus_assert (eol == _dbus_string_get_length (source));
+ if (eol == 0)
+ {
+ /* If there's no newline and source has zero length, we're done */
+ return FALSE;
+ }
+ /* otherwise, the last line of the file has no eol characters */
}
- if (eol == 0)
- return FALSE; /* eof */
+ /* remember eol can be 0 if it's an empty line, but eol_len should not be zero also
+ * since find_eol returned TRUE
+ */
+
+ if (!_dbus_string_move_len (source, 0, eol + eol_len, dest, 0))
+ return FALSE;
- if (!_dbus_string_move_len (source, 0, eol,
- dest, 0))
+ /* remove line ending */
+ if (!_dbus_string_set_length (dest, eol))
{
+ _dbus_assert_not_reached ("out of memory when shortening a string");
return FALSE;
}
- /* dump the newline and the \r if we have one */
- if (have_newline)
- {
- dbus_bool_t have_cr;
-
- _dbus_assert (_dbus_string_get_length (dest) > 0);
-
- if (_dbus_string_get_length (dest) > 1 &&
- _dbus_string_get_byte (dest,
- _dbus_string_get_length (dest) - 2) == '\r')
- have_cr = TRUE;
- else
- have_cr = FALSE;
-
- _dbus_string_set_length (dest,
- _dbus_string_get_length (dest) -
- (have_cr ? 2 : 1));
- }
-
return TRUE;
}
#endif
/**
+ * Deletes leading and trailing whitespace
+ *
+ * @param str the string
+ */
+void
+_dbus_string_chop_white(DBusString *str)
+{
+ int i;
+
+ _dbus_string_skip_white (str, 0, &i);
+
+ if (i > 0)
+ _dbus_string_delete (str, 0, i);
+
+ _dbus_string_skip_white_reverse (str, _dbus_string_get_length (str), &i);
+
+ _dbus_string_set_length (str, i);
+}
+
+/**
* Tests two DBusString for equality.
*
* @todo memcmp is probably faster
#endif /* DBUS_BUILD_TESTS */
/**
+ * Appends a two-character hex digit to a string, where the hex digit
+ * has the value of the given byte.
+ *
+ * @param str the string
+ * @param byte the byte
+ * @returns #FALSE if no memory
+ */
+dbus_bool_t
+_dbus_string_append_byte_as_hex (DBusString *str,
+ int byte)
+{
+ const char hexdigits[16] = {
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
+ 'a', 'b', 'c', 'd', 'e', 'f'
+ };
+
+ if (!_dbus_string_append_byte (str,
+ hexdigits[(byte >> 4)]))
+ return FALSE;
+
+ if (!_dbus_string_append_byte (str,
+ hexdigits[(byte & 0x0f)]))
+ {
+ _dbus_string_set_length (str,
+ _dbus_string_get_length (str) - 1);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
* Encodes a string in hex, the way MD5 and SHA-1 are usually
* encoded. (Each byte is two hex digits.)
*
int insert_at)
{
DBusString result;
- const char hexdigits[16] = {
- '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
- 'a', 'b', 'c', 'd', 'e', 'f'
- };
const unsigned char *p;
const unsigned char *end;
dbus_bool_t retval;
while (p != end)
{
- if (!_dbus_string_append_byte (&result,
- hexdigits[(*p >> 4)]))
+ if (!_dbus_string_append_byte_as_hex (&result, *p))
goto out;
- if (!_dbus_string_append_byte (&result,
- hexdigits[(*p & 0x0f)]))
- goto out;
-
++p;
}
_dbus_assert (len >= 0);
/* we are doing _DBUS_UNLIKELY() here which might be
- * dubious in a generic library like GLib, but in D-BUS
+ * dubious in a generic library like GLib, but in D-Bus
* we know we're validating messages and that it would
* only be evil/broken apps that would have invalid
* UTF-8. Also, this function seems to be a performance
break;
/* Special-case ASCII; this makes us go a lot faster in
- * D-BUS profiles where we are typically validating
+ * D-Bus profiles where we are typically validating
* function names and such. We have to know that
* all following checks will pass for ASCII though,
* comments follow ...