f4ff9455 |
1 | /* |
2 | * Platform-independent routines shared between all PuTTY programs. |
3 | */ |
4 | |
374330e2 |
5 | #include <stdio.h> |
6 | #include <stdlib.h> |
1709795f |
7 | #include <stdarg.h> |
46cfeac8 |
8 | #include <limits.h> |
57356d63 |
9 | #include <ctype.h> |
5471d09a |
10 | #include <assert.h> |
374330e2 |
11 | #include "putty.h" |
12 | |
d57f70af |
13 | /* |
14 | * Parse a string block size specification. This is approximately a |
15 | * subset of the block size specs supported by GNU fileutils: |
16 | * "nk" = n kilobytes |
17 | * "nM" = n megabytes |
18 | * "nG" = n gigabytes |
19 | * All numbers are decimal, and suffixes refer to powers of two. |
20 | * Case-insensitive. |
21 | */ |
22 | unsigned long parse_blocksize(const char *bs) |
23 | { |
24 | char *suf; |
25 | unsigned long r = strtoul(bs, &suf, 10); |
26 | if (*suf != '\0') { |
0d119367 |
27 | while (*suf && isspace((unsigned char)*suf)) suf++; |
d57f70af |
28 | switch (*suf) { |
29 | case 'k': case 'K': |
30 | r *= 1024ul; |
31 | break; |
32 | case 'm': case 'M': |
33 | r *= 1024ul * 1024ul; |
34 | break; |
35 | case 'g': case 'G': |
36 | r *= 1024ul * 1024ul * 1024ul; |
37 | break; |
38 | case '\0': |
39 | default: |
40 | break; |
41 | } |
42 | } |
43 | return r; |
44 | } |
45 | |
d45d4c07 |
46 | /* |
47 | * Parse a ^C style character specification. |
48 | * Returns NULL in `next' if we didn't recognise it as a control character, |
49 | * in which case `c' should be ignored. |
50 | * The precise current parsing is an oddity inherited from the terminal |
447940b3 |
51 | * answerback-string parsing code. All sequences start with ^; all except |
52 | * ^<123> are two characters. The ones that are worth keeping are probably: |
d45d4c07 |
53 | * ^? 127 |
54 | * ^@A-Z[\]^_ 0-31 |
55 | * a-z 1-26 |
447940b3 |
56 | * <num> specified by number (decimal, 0octal, 0xHEX) |
d45d4c07 |
57 | * ~ ^ escape |
58 | */ |
59 | char ctrlparse(char *s, char **next) |
60 | { |
61 | char c = 0; |
62 | if (*s != '^') { |
63 | *next = NULL; |
d45d4c07 |
64 | } else { |
65 | s++; |
66 | if (*s == '\0') { |
67 | *next = NULL; |
447940b3 |
68 | } else if (*s == '<') { |
69 | s++; |
70 | c = (char)strtol(s, next, 0); |
71 | if ((*next == s) || (**next != '>')) { |
72 | c = 0; |
73 | *next = NULL; |
74 | } else |
75 | (*next)++; |
d45d4c07 |
76 | } else if (*s >= 'a' && *s <= 'z') { |
77 | c = (*s - ('a' - 1)); |
447940b3 |
78 | *next = s+1; |
d45d4c07 |
79 | } else if ((*s >= '@' && *s <= '_') || *s == '?' || (*s & 0x80)) { |
80 | c = ('@' ^ *s); |
447940b3 |
81 | *next = s+1; |
d45d4c07 |
82 | } else if (*s == '~') { |
83 | c = '^'; |
447940b3 |
84 | *next = s+1; |
d45d4c07 |
85 | } |
d45d4c07 |
86 | } |
447940b3 |
87 | return c; |
d45d4c07 |
88 | } |
89 | |
edd0cb8a |
90 | prompts_t *new_prompts(void *frontend) |
91 | { |
92 | prompts_t *p = snew(prompts_t); |
93 | p->prompts = NULL; |
94 | p->n_prompts = 0; |
95 | p->frontend = frontend; |
96 | p->data = NULL; |
97 | p->to_server = TRUE; /* to be on the safe side */ |
98 | p->name = p->instruction = NULL; |
99 | p->name_reqd = p->instr_reqd = FALSE; |
100 | return p; |
101 | } |
b61f81bc |
102 | void add_prompt(prompts_t *p, char *promptstr, int echo) |
edd0cb8a |
103 | { |
104 | prompt_t *pr = snew(prompt_t); |
edd0cb8a |
105 | pr->prompt = promptstr; |
106 | pr->echo = echo; |
b61f81bc |
107 | pr->result = NULL; |
108 | pr->resultsize = 0; |
edd0cb8a |
109 | p->n_prompts++; |
110 | p->prompts = sresize(p->prompts, p->n_prompts, prompt_t *); |
111 | p->prompts[p->n_prompts-1] = pr; |
112 | } |
b61f81bc |
113 | void prompt_ensure_result_size(prompt_t *pr, int newlen) |
114 | { |
115 | if ((int)pr->resultsize < newlen) { |
116 | char *newbuf; |
117 | newlen = newlen * 5 / 4 + 512; /* avoid too many small allocs */ |
118 | |
119 | /* |
120 | * We don't use sresize / realloc here, because we will be |
121 | * storing sensitive stuff like passwords in here, and we want |
122 | * to make sure that the data doesn't get copied around in |
123 | * memory without the old copy being destroyed. |
124 | */ |
125 | newbuf = snewn(newlen, char); |
126 | memcpy(newbuf, pr->result, pr->resultsize); |
dfb88efd |
127 | smemclr(pr->result, pr->resultsize); |
b61f81bc |
128 | sfree(pr->result); |
129 | pr->result = newbuf; |
130 | pr->resultsize = newlen; |
131 | } |
132 | } |
133 | void prompt_set_result(prompt_t *pr, const char *newstr) |
134 | { |
135 | prompt_ensure_result_size(pr, strlen(newstr) + 1); |
136 | strcpy(pr->result, newstr); |
137 | } |
edd0cb8a |
138 | void free_prompts(prompts_t *p) |
139 | { |
140 | size_t i; |
141 | for (i=0; i < p->n_prompts; i++) { |
142 | prompt_t *pr = p->prompts[i]; |
dfb88efd |
143 | smemclr(pr->result, pr->resultsize); /* burn the evidence */ |
edd0cb8a |
144 | sfree(pr->result); |
145 | sfree(pr->prompt); |
146 | sfree(pr); |
147 | } |
148 | sfree(p->prompts); |
149 | sfree(p->name); |
150 | sfree(p->instruction); |
151 | sfree(p); |
152 | } |
153 | |
03f64569 |
154 | /* ---------------------------------------------------------------------- |
155 | * String handling routines. |
156 | */ |
157 | |
57356d63 |
158 | char *dupstr(const char *s) |
03f64569 |
159 | { |
6d113886 |
160 | char *p = NULL; |
161 | if (s) { |
162 | int len = strlen(s); |
163 | p = snewn(len + 1, char); |
164 | strcpy(p, s); |
165 | } |
03f64569 |
166 | return p; |
167 | } |
168 | |
169 | /* Allocate the concatenation of N strings. Terminate arg list with NULL. */ |
57356d63 |
170 | char *dupcat(const char *s1, ...) |
03f64569 |
171 | { |
172 | int len; |
173 | char *p, *q, *sn; |
174 | va_list ap; |
175 | |
176 | len = strlen(s1); |
177 | va_start(ap, s1); |
178 | while (1) { |
179 | sn = va_arg(ap, char *); |
180 | if (!sn) |
181 | break; |
182 | len += strlen(sn); |
183 | } |
184 | va_end(ap); |
185 | |
3d88e64d |
186 | p = snewn(len + 1, char); |
03f64569 |
187 | strcpy(p, s1); |
188 | q = p + strlen(p); |
189 | |
190 | va_start(ap, s1); |
191 | while (1) { |
192 | sn = va_arg(ap, char *); |
193 | if (!sn) |
194 | break; |
195 | strcpy(q, sn); |
196 | q += strlen(q); |
197 | } |
198 | va_end(ap); |
199 | |
200 | return p; |
201 | } |
202 | |
12b9e82d |
203 | void burnstr(char *string) /* sfree(str), only clear it first */ |
204 | { |
205 | if (string) { |
dfb88efd |
206 | smemclr(string, strlen(string)); |
12b9e82d |
207 | sfree(string); |
208 | } |
209 | } |
210 | |
b1650067 |
211 | int toint(unsigned u) |
212 | { |
213 | /* |
214 | * Convert an unsigned to an int, without running into the |
215 | * undefined behaviour which happens by the strict C standard if |
216 | * the value overflows. You'd hope that sensible compilers would |
217 | * do the sensible thing in response to a cast, but actually I |
218 | * don't trust modern compilers not to do silly things like |
219 | * assuming that _obviously_ you wouldn't have caused an overflow |
220 | * and so they can elide an 'if (i < 0)' test immediately after |
221 | * the cast. |
222 | * |
223 | * Sensible compilers ought of course to optimise this entire |
224 | * function into 'just return the input value'! |
225 | */ |
226 | if (u <= (unsigned)INT_MAX) |
227 | return (int)u; |
228 | else if (u >= (unsigned)INT_MIN) /* wrap in cast _to_ unsigned is OK */ |
229 | return INT_MIN + (int)(u - (unsigned)INT_MIN); |
230 | else |
231 | return INT_MIN; /* fallback; should never occur on binary machines */ |
232 | } |
233 | |
57356d63 |
234 | /* |
235 | * Do an sprintf(), but into a custom-allocated buffer. |
236 | * |
28da9e3d |
237 | * Currently I'm doing this via vsnprintf. This has worked so far, |
e1ef3c29 |
238 | * but it's not good, because vsnprintf is not available on all |
239 | * platforms. There's an ifdef to use `_vsnprintf', which seems |
240 | * to be the local name for it on Windows. Other platforms may |
241 | * lack it completely, in which case it'll be time to rewrite |
242 | * this function in a totally different way. |
28da9e3d |
243 | * |
244 | * The only `properly' portable solution I can think of is to |
245 | * implement my own format string scanner, which figures out an |
246 | * upper bound for the length of each formatting directive, |
247 | * allocates the buffer as it goes along, and calls sprintf() to |
248 | * actually process each directive. If I ever need to actually do |
249 | * this, some caveats: |
250 | * |
251 | * - It's very hard to find a reliable upper bound for |
252 | * floating-point values. %f, in particular, when supplied with |
253 | * a number near to the upper or lower limit of representable |
254 | * numbers, could easily take several hundred characters. It's |
255 | * probably feasible to predict this statically using the |
256 | * constants in <float.h>, or even to predict it dynamically by |
257 | * looking at the exponent of the specific float provided, but |
258 | * it won't be fun. |
259 | * |
260 | * - Don't forget to _check_, after calling sprintf, that it's |
261 | * used at most the amount of space we had available. |
262 | * |
263 | * - Fault any formatting directive we don't fully understand. The |
264 | * aim here is to _guarantee_ that we never overflow the buffer, |
265 | * because this is a security-critical function. If we see a |
266 | * directive we don't know about, we should panic and die rather |
267 | * than run any risk. |
57356d63 |
268 | */ |
269 | char *dupprintf(const char *fmt, ...) |
270 | { |
271 | char *ret; |
272 | va_list ap; |
273 | va_start(ap, fmt); |
274 | ret = dupvprintf(fmt, ap); |
275 | va_end(ap); |
276 | return ret; |
277 | } |
278 | char *dupvprintf(const char *fmt, va_list ap) |
279 | { |
280 | char *buf; |
281 | int len, size; |
282 | |
3d88e64d |
283 | buf = snewn(512, char); |
57356d63 |
284 | size = 512; |
285 | |
286 | while (1) { |
287 | #ifdef _WINDOWS |
288 | #define vsnprintf _vsnprintf |
289 | #endif |
e1ef3c29 |
290 | #ifdef va_copy |
291 | /* Use the `va_copy' macro mandated by C99, if present. |
292 | * XXX some environments may have this as __va_copy() */ |
293 | va_list aq; |
294 | va_copy(aq, ap); |
295 | len = vsnprintf(buf, size, fmt, aq); |
296 | va_end(aq); |
297 | #else |
298 | /* Ugh. No va_copy macro, so do something nasty. |
299 | * Technically, you can't reuse a va_list like this: it is left |
300 | * unspecified whether advancing a va_list pointer modifies its |
301 | * value or something it points to, so on some platforms calling |
302 | * vsnprintf twice on the same va_list might fail hideously |
303 | * (indeed, it has been observed to). |
304 | * XXX the autoconf manual suggests that using memcpy() will give |
305 | * "maximum portability". */ |
57356d63 |
306 | len = vsnprintf(buf, size, fmt, ap); |
e1ef3c29 |
307 | #endif |
57356d63 |
308 | if (len >= 0 && len < size) { |
309 | /* This is the C99-specified criterion for snprintf to have |
310 | * been completely successful. */ |
311 | return buf; |
312 | } else if (len > 0) { |
313 | /* This is the C99 error condition: the returned length is |
314 | * the required buffer size not counting the NUL. */ |
315 | size = len + 1; |
316 | } else { |
317 | /* This is the pre-C99 glibc error condition: <0 means the |
318 | * buffer wasn't big enough, so we enlarge it a bit and hope. */ |
319 | size += 512; |
320 | } |
3d88e64d |
321 | buf = sresize(buf, size, char); |
57356d63 |
322 | } |
323 | } |
324 | |
39934deb |
325 | /* |
326 | * Read an entire line of text from a file. Return a buffer |
327 | * malloced to be as big as necessary (caller must free). |
328 | */ |
329 | char *fgetline(FILE *fp) |
330 | { |
331 | char *ret = snewn(512, char); |
332 | int size = 512, len = 0; |
333 | while (fgets(ret + len, size - len, fp)) { |
334 | len += strlen(ret + len); |
335 | if (ret[len-1] == '\n') |
336 | break; /* got a newline, we're done */ |
337 | size = len + 512; |
338 | ret = sresize(ret, size, char); |
339 | } |
340 | if (len == 0) { /* first fgets returned NULL */ |
341 | sfree(ret); |
342 | return NULL; |
343 | } |
344 | ret[len] = '\0'; |
345 | return ret; |
346 | } |
347 | |
03f64569 |
348 | /* ---------------------------------------------------------------------- |
1549e076 |
349 | * Base64 encoding routine. This is required in public-key writing |
350 | * but also in HTTP proxy handling, so it's centralised here. |
351 | */ |
352 | |
353 | void base64_encode_atom(unsigned char *data, int n, char *out) |
354 | { |
355 | static const char base64_chars[] = |
356 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; |
357 | |
358 | unsigned word; |
359 | |
360 | word = data[0] << 16; |
361 | if (n > 1) |
362 | word |= data[1] << 8; |
363 | if (n > 2) |
364 | word |= data[2]; |
365 | out[0] = base64_chars[(word >> 18) & 0x3F]; |
366 | out[1] = base64_chars[(word >> 12) & 0x3F]; |
367 | if (n > 1) |
368 | out[2] = base64_chars[(word >> 6) & 0x3F]; |
369 | else |
370 | out[2] = '='; |
371 | if (n > 2) |
372 | out[3] = base64_chars[word & 0x3F]; |
373 | else |
374 | out[3] = '='; |
375 | } |
376 | |
377 | /* ---------------------------------------------------------------------- |
5471d09a |
378 | * Generic routines to deal with send buffers: a linked list of |
379 | * smallish blocks, with the operations |
380 | * |
381 | * - add an arbitrary amount of data to the end of the list |
382 | * - remove the first N bytes from the list |
383 | * - return a (pointer,length) pair giving some initial data in |
384 | * the list, suitable for passing to a send or write system |
385 | * call |
7983f47e |
386 | * - retrieve a larger amount of initial data from the list |
5471d09a |
387 | * - return the current size of the buffer chain in bytes |
388 | */ |
389 | |
c780e7e1 |
390 | #define BUFFER_MIN_GRANULE 512 |
5471d09a |
391 | |
392 | struct bufchain_granule { |
393 | struct bufchain_granule *next; |
c780e7e1 |
394 | char *bufpos, *bufend, *bufmax; |
5471d09a |
395 | }; |
396 | |
397 | void bufchain_init(bufchain *ch) |
398 | { |
399 | ch->head = ch->tail = NULL; |
400 | ch->buffersize = 0; |
401 | } |
402 | |
403 | void bufchain_clear(bufchain *ch) |
404 | { |
405 | struct bufchain_granule *b; |
406 | while (ch->head) { |
407 | b = ch->head; |
408 | ch->head = ch->head->next; |
409 | sfree(b); |
410 | } |
411 | ch->tail = NULL; |
412 | ch->buffersize = 0; |
413 | } |
414 | |
415 | int bufchain_size(bufchain *ch) |
416 | { |
417 | return ch->buffersize; |
418 | } |
419 | |
e0e7dff8 |
420 | void bufchain_add(bufchain *ch, const void *data, int len) |
5471d09a |
421 | { |
e0e7dff8 |
422 | const char *buf = (const char *)data; |
5471d09a |
423 | |
bfa5400d |
424 | if (len == 0) return; |
425 | |
5471d09a |
426 | ch->buffersize += len; |
427 | |
5471d09a |
428 | while (len > 0) { |
c780e7e1 |
429 | if (ch->tail && ch->tail->bufend < ch->tail->bufmax) { |
430 | int copylen = min(len, ch->tail->bufmax - ch->tail->bufend); |
431 | memcpy(ch->tail->bufend, buf, copylen); |
432 | buf += copylen; |
433 | len -= copylen; |
434 | ch->tail->bufend += copylen; |
435 | } |
436 | if (len > 0) { |
437 | int grainlen = |
438 | max(sizeof(struct bufchain_granule) + len, BUFFER_MIN_GRANULE); |
439 | struct bufchain_granule *newbuf; |
440 | newbuf = smalloc(grainlen); |
441 | newbuf->bufpos = newbuf->bufend = |
442 | (char *)newbuf + sizeof(struct bufchain_granule); |
443 | newbuf->bufmax = (char *)newbuf + grainlen; |
444 | newbuf->next = NULL; |
445 | if (ch->tail) |
446 | ch->tail->next = newbuf; |
447 | else |
448 | ch->head = newbuf; |
449 | ch->tail = newbuf; |
450 | } |
5471d09a |
451 | } |
452 | } |
453 | |
454 | void bufchain_consume(bufchain *ch, int len) |
455 | { |
7983f47e |
456 | struct bufchain_granule *tmp; |
457 | |
5471d09a |
458 | assert(ch->buffersize >= len); |
7983f47e |
459 | while (len > 0) { |
460 | int remlen = len; |
461 | assert(ch->head != NULL); |
c780e7e1 |
462 | if (remlen >= ch->head->bufend - ch->head->bufpos) { |
463 | remlen = ch->head->bufend - ch->head->bufpos; |
7983f47e |
464 | tmp = ch->head; |
465 | ch->head = tmp->next; |
7983f47e |
466 | if (!ch->head) |
467 | ch->tail = NULL; |
c780e7e1 |
468 | sfree(tmp); |
7983f47e |
469 | } else |
470 | ch->head->bufpos += remlen; |
471 | ch->buffersize -= remlen; |
472 | len -= remlen; |
5471d09a |
473 | } |
474 | } |
475 | |
476 | void bufchain_prefix(bufchain *ch, void **data, int *len) |
477 | { |
c780e7e1 |
478 | *len = ch->head->bufend - ch->head->bufpos; |
479 | *data = ch->head->bufpos; |
5471d09a |
480 | } |
481 | |
7983f47e |
482 | void bufchain_fetch(bufchain *ch, void *data, int len) |
483 | { |
484 | struct bufchain_granule *tmp; |
485 | char *data_c = (char *)data; |
486 | |
487 | tmp = ch->head; |
488 | |
489 | assert(ch->buffersize >= len); |
490 | while (len > 0) { |
491 | int remlen = len; |
492 | |
493 | assert(tmp != NULL); |
c780e7e1 |
494 | if (remlen >= tmp->bufend - tmp->bufpos) |
495 | remlen = tmp->bufend - tmp->bufpos; |
496 | memcpy(data_c, tmp->bufpos, remlen); |
7983f47e |
497 | |
498 | tmp = tmp->next; |
499 | len -= remlen; |
500 | data_c += remlen; |
501 | } |
502 | } |
503 | |
03f64569 |
504 | /* ---------------------------------------------------------------------- |
b191636d |
505 | * My own versions of malloc, realloc and free. Because I want |
506 | * malloc and realloc to bomb out and exit the program if they run |
507 | * out of memory, realloc to reliably call malloc if passed a NULL |
508 | * pointer, and free to reliably do nothing if passed a NULL |
509 | * pointer. We can also put trace printouts in, if we need to; and |
510 | * we can also replace the allocator with an ElectricFence-like |
511 | * one. |
512 | */ |
513 | |
514 | #ifdef MINEFIELD |
d0912d1f |
515 | void *minefield_c_malloc(size_t size); |
516 | void minefield_c_free(void *p); |
517 | void *minefield_c_realloc(void *p, size_t size); |
518 | #endif |
374330e2 |
519 | |
520 | #ifdef MALLOC_LOG |
521 | static FILE *fp = NULL; |
522 | |
d7da76ca |
523 | static char *mlog_file = NULL; |
524 | static int mlog_line = 0; |
525 | |
32874aea |
526 | void mlog(char *file, int line) |
527 | { |
d7da76ca |
528 | mlog_file = file; |
529 | mlog_line = line; |
c662dbc0 |
530 | if (!fp) { |
374330e2 |
531 | fp = fopen("putty_mem.log", "w"); |
c662dbc0 |
532 | setvbuf(fp, NULL, _IONBF, BUFSIZ); |
533 | } |
374330e2 |
534 | if (fp) |
32874aea |
535 | fprintf(fp, "%s:%d: ", file, line); |
374330e2 |
536 | } |
537 | #endif |
538 | |
46cfeac8 |
539 | void *safemalloc(size_t n, size_t size) |
32874aea |
540 | { |
b191636d |
541 | void *p; |
46cfeac8 |
542 | |
543 | if (n > INT_MAX / size) { |
544 | p = NULL; |
545 | } else { |
546 | size *= n; |
66ab14c7 |
547 | if (size == 0) size = 1; |
b191636d |
548 | #ifdef MINEFIELD |
46cfeac8 |
549 | p = minefield_c_malloc(size); |
b191636d |
550 | #else |
46cfeac8 |
551 | p = malloc(size); |
b191636d |
552 | #endif |
46cfeac8 |
553 | } |
554 | |
374330e2 |
555 | if (!p) { |
d7da76ca |
556 | char str[200]; |
557 | #ifdef MALLOC_LOG |
558 | sprintf(str, "Out of memory! (%s:%d, size=%d)", |
559 | mlog_file, mlog_line, size); |
1b2ef365 |
560 | fprintf(fp, "*** %s\n", str); |
561 | fclose(fp); |
d7da76ca |
562 | #else |
563 | strcpy(str, "Out of memory!"); |
564 | #endif |
1709795f |
565 | modalfatalbox(str); |
374330e2 |
566 | } |
567 | #ifdef MALLOC_LOG |
568 | if (fp) |
569 | fprintf(fp, "malloc(%d) returns %p\n", size, p); |
570 | #endif |
571 | return p; |
572 | } |
573 | |
46cfeac8 |
574 | void *saferealloc(void *ptr, size_t n, size_t size) |
32874aea |
575 | { |
374330e2 |
576 | void *p; |
46cfeac8 |
577 | |
578 | if (n > INT_MAX / size) { |
579 | p = NULL; |
580 | } else { |
581 | size *= n; |
582 | if (!ptr) { |
b191636d |
583 | #ifdef MINEFIELD |
46cfeac8 |
584 | p = minefield_c_malloc(size); |
b191636d |
585 | #else |
46cfeac8 |
586 | p = malloc(size); |
b191636d |
587 | #endif |
46cfeac8 |
588 | } else { |
b191636d |
589 | #ifdef MINEFIELD |
46cfeac8 |
590 | p = minefield_c_realloc(ptr, size); |
b191636d |
591 | #else |
46cfeac8 |
592 | p = realloc(ptr, size); |
b191636d |
593 | #endif |
46cfeac8 |
594 | } |
b191636d |
595 | } |
46cfeac8 |
596 | |
374330e2 |
597 | if (!p) { |
d7da76ca |
598 | char str[200]; |
599 | #ifdef MALLOC_LOG |
600 | sprintf(str, "Out of memory! (%s:%d, size=%d)", |
601 | mlog_file, mlog_line, size); |
1b2ef365 |
602 | fprintf(fp, "*** %s\n", str); |
603 | fclose(fp); |
d7da76ca |
604 | #else |
605 | strcpy(str, "Out of memory!"); |
606 | #endif |
1709795f |
607 | modalfatalbox(str); |
374330e2 |
608 | } |
609 | #ifdef MALLOC_LOG |
610 | if (fp) |
611 | fprintf(fp, "realloc(%p,%d) returns %p\n", ptr, size, p); |
612 | #endif |
613 | return p; |
614 | } |
615 | |
32874aea |
616 | void safefree(void *ptr) |
617 | { |
374330e2 |
618 | if (ptr) { |
619 | #ifdef MALLOC_LOG |
620 | if (fp) |
621 | fprintf(fp, "free(%p)\n", ptr); |
622 | #endif |
b191636d |
623 | #ifdef MINEFIELD |
32874aea |
624 | minefield_c_free(ptr); |
b191636d |
625 | #else |
32874aea |
626 | free(ptr); |
b191636d |
627 | #endif |
374330e2 |
628 | } |
629 | #ifdef MALLOC_LOG |
630 | else if (fp) |
631 | fprintf(fp, "freeing null pointer - no action taken\n"); |
632 | #endif |
633 | } |
c82bda52 |
634 | |
03f64569 |
635 | /* ---------------------------------------------------------------------- |
636 | * Debugging routines. |
637 | */ |
638 | |
c82bda52 |
639 | #ifdef DEBUG |
d0912d1f |
640 | extern void dputs(char *); /* defined in per-platform *misc.c */ |
db9c0f86 |
641 | |
d0912d1f |
642 | void debug_printf(char *fmt, ...) |
32874aea |
643 | { |
57356d63 |
644 | char *buf; |
db9c0f86 |
645 | va_list ap; |
646 | |
647 | va_start(ap, fmt); |
57356d63 |
648 | buf = dupvprintf(fmt, ap); |
32874aea |
649 | dputs(buf); |
57356d63 |
650 | sfree(buf); |
c82bda52 |
651 | va_end(ap); |
652 | } |
db9c0f86 |
653 | |
654 | |
32874aea |
655 | void debug_memdump(void *buf, int len, int L) |
656 | { |
db9c0f86 |
657 | int i; |
658 | unsigned char *p = buf; |
765c4200 |
659 | char foo[17]; |
db9c0f86 |
660 | if (L) { |
661 | int delta; |
d0912d1f |
662 | debug_printf("\t%d (0x%x) bytes:\n", len, len); |
cc0966fa |
663 | delta = 15 & (unsigned long int) p; |
db9c0f86 |
664 | p -= delta; |
665 | len += delta; |
666 | } |
667 | for (; 0 < len; p += 16, len -= 16) { |
32874aea |
668 | dputs(" "); |
669 | if (L) |
d0912d1f |
670 | debug_printf("%p: ", p); |
32874aea |
671 | strcpy(foo, "................"); /* sixteen dots */ |
db9c0f86 |
672 | for (i = 0; i < 16 && i < len; ++i) { |
673 | if (&p[i] < (unsigned char *) buf) { |
32874aea |
674 | dputs(" "); /* 3 spaces */ |
765c4200 |
675 | foo[i] = ' '; |
db9c0f86 |
676 | } else { |
d0912d1f |
677 | debug_printf("%c%02.2x", |
32874aea |
678 | &p[i] != (unsigned char *) buf |
679 | && i % 4 ? '.' : ' ', p[i] |
680 | ); |
765c4200 |
681 | if (p[i] >= ' ' && p[i] <= '~') |
32874aea |
682 | foo[i] = (char) p[i]; |
db9c0f86 |
683 | } |
684 | } |
765c4200 |
685 | foo[i] = '\0'; |
d0912d1f |
686 | debug_printf("%*s%s\n", (16 - i) * 3 + 2, "", foo); |
db9c0f86 |
687 | } |
688 | } |
689 | |
32874aea |
690 | #endif /* def DEBUG */ |
7374c779 |
691 | |
692 | /* |
4a693cfc |
693 | * Determine whether or not a Conf represents a session which can |
694 | * sensibly be launched right now. |
7374c779 |
695 | */ |
4a693cfc |
696 | int conf_launchable(Conf *conf) |
7374c779 |
697 | { |
4a693cfc |
698 | if (conf_get_int(conf, CONF_protocol) == PROT_SERIAL) |
699 | return conf_get_str(conf, CONF_serline)[0] != 0; |
7374c779 |
700 | else |
4a693cfc |
701 | return conf_get_str(conf, CONF_host)[0] != 0; |
7374c779 |
702 | } |
703 | |
4a693cfc |
704 | char const *conf_dest(Conf *conf) |
7374c779 |
705 | { |
4a693cfc |
706 | if (conf_get_int(conf, CONF_protocol) == PROT_SERIAL) |
707 | return conf_get_str(conf, CONF_serline); |
7374c779 |
708 | else |
4a693cfc |
709 | return conf_get_str(conf, CONF_host); |
7374c779 |
710 | } |
dfb88efd |
711 | |
712 | #ifndef PLATFORM_HAS_SMEMCLR |
713 | /* |
714 | * Securely wipe memory. |
715 | * |
716 | * The actual wiping is no different from what memset would do: the |
717 | * point of 'securely' is to try to be sure over-clever compilers |
718 | * won't optimise away memsets on variables that are about to be freed |
719 | * or go out of scope. See |
720 | * https://buildsecurityin.us-cert.gov/bsi-rules/home/g1/771-BSI.html |
721 | * |
722 | * Some platforms (e.g. Windows) may provide their own version of this |
723 | * function. |
724 | */ |
725 | void smemclr(void *b, size_t n) { |
726 | volatile char *vp; |
727 | |
728 | if (b && n > 0) { |
729 | /* |
730 | * Zero out the memory. |
731 | */ |
732 | memset(b, 0, n); |
733 | |
734 | /* |
735 | * Perform a volatile access to the object, forcing the |
736 | * compiler to admit that the previous memset was important. |
737 | * |
738 | * This while loop should in practice run for zero iterations |
739 | * (since we know we just zeroed the object out), but in |
740 | * theory (as far as the compiler knows) it might range over |
741 | * the whole object. (If we had just written, say, '*vp = |
742 | * *vp;', a compiler could in principle have 'helpfully' |
743 | * optimised the memset into only zeroing out the first byte. |
744 | * This should be robust.) |
745 | */ |
746 | vp = b; |
747 | while (*vp) vp++; |
748 | } |
749 | } |
750 | #endif |