projects / u / mdw / putty / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Sebastian Kuschel reports that pfd_closing can be called for a socket
[u/mdw/putty] / misc.c
CommitLineData
f4ff9455 1/*
2 * Platform-independent routines shared between all PuTTY programs.
3 */
4
374330e2 5#include <stdio.h>
6#include <stdlib.h>
1709795f 7#include <stdarg.h>
46cfeac8 8#include <limits.h>
57356d63 9#include <ctype.h>
5471d09a 10#include <assert.h>
374330e2 11#include "putty.h"
12
d57f70af 13/*
14 * Parse a string block size specification. This is approximately a
15 * subset of the block size specs supported by GNU fileutils:
16 * "nk" = n kilobytes
17 * "nM" = n megabytes
18 * "nG" = n gigabytes
19 * All numbers are decimal, and suffixes refer to powers of two.
20 * Case-insensitive.
21 */
22unsigned long parse_blocksize(const char *bs)
23{
24 char *suf;
25 unsigned long r = strtoul(bs, &suf, 10);
26 if (*suf != '\0') {
0d119367 27 while (*suf && isspace((unsigned char)*suf)) suf++;
d57f70af 28 switch (*suf) {
29 case 'k': case 'K':
30 r *= 1024ul;
31 break;
32 case 'm': case 'M':
33 r *= 1024ul * 1024ul;
34 break;
35 case 'g': case 'G':
36 r *= 1024ul * 1024ul * 1024ul;
37 break;
38 case '\0':
39 default:
40 break;
41 }
42 }
43 return r;
44}
45
d45d4c07 46/*
47 * Parse a ^C style character specification.
48 * Returns NULL in `next' if we didn't recognise it as a control character,
49 * in which case `c' should be ignored.
50 * The precise current parsing is an oddity inherited from the terminal
447940b3 51 * answerback-string parsing code. All sequences start with ^; all except
52 * ^<123> are two characters. The ones that are worth keeping are probably:
d45d4c07 53 * ^? 127
54 * ^@A-Z[\]^_ 0-31
55 * a-z 1-26
447940b3 56 * <num> specified by number (decimal, 0octal, 0xHEX)
d45d4c07 57 * ~ ^ escape
58 */
59char ctrlparse(char *s, char **next)
60{
61 char c = 0;
62 if (*s != '^') {
63 *next = NULL;
d45d4c07 64 } else {
65 s++;
66 if (*s == '\0') {
67 *next = NULL;
447940b3 68 } else if (*s == '<') {
69 s++;
70 c = (char)strtol(s, next, 0);
71 if ((*next == s) || (**next != '>')) {
72 c = 0;
73 *next = NULL;
74 } else
75 (*next)++;
d45d4c07 76 } else if (*s >= 'a' && *s <= 'z') {
77 c = (*s - ('a' - 1));
447940b3 78 *next = s+1;
d45d4c07 79 } else if ((*s >= '@' && *s <= '_') || *s == '?' || (*s & 0x80)) {
80 c = ('@' ^ *s);
447940b3 81 *next = s+1;
d45d4c07 82 } else if (*s == '~') {
83 c = '^';
447940b3 84 *next = s+1;
d45d4c07 85 }
d45d4c07 86 }
447940b3 87 return c;
d45d4c07 88}
89
edd0cb8a 90prompts_t *new_prompts(void *frontend)
91{
92 prompts_t *p = snew(prompts_t);
93 p->prompts = NULL;
94 p->n_prompts = 0;
95 p->frontend = frontend;
96 p->data = NULL;
97 p->to_server = TRUE; /* to be on the safe side */
98 p->name = p->instruction = NULL;
99 p->name_reqd = p->instr_reqd = FALSE;
100 return p;
101}
b61f81bc 102void add_prompt(prompts_t *p, char *promptstr, int echo)
edd0cb8a 103{
104 prompt_t *pr = snew(prompt_t);
edd0cb8a 105 pr->prompt = promptstr;
106 pr->echo = echo;
b61f81bc 107 pr->result = NULL;
108 pr->resultsize = 0;
edd0cb8a 109 p->n_prompts++;
110 p->prompts = sresize(p->prompts, p->n_prompts, prompt_t *);
111 p->prompts[p->n_prompts-1] = pr;
112}
b61f81bc 113void prompt_ensure_result_size(prompt_t *pr, int newlen)
114{
115 if ((int)pr->resultsize < newlen) {
116 char *newbuf;
117 newlen = newlen * 5 / 4 + 512; /* avoid too many small allocs */
118
119 /*
120 * We don't use sresize / realloc here, because we will be
121 * storing sensitive stuff like passwords in here, and we want
122 * to make sure that the data doesn't get copied around in
123 * memory without the old copy being destroyed.
124 */
125 newbuf = snewn(newlen, char);
126 memcpy(newbuf, pr->result, pr->resultsize);
dfb88efd 127 smemclr(pr->result, pr->resultsize);
b61f81bc 128 sfree(pr->result);
129 pr->result = newbuf;
130 pr->resultsize = newlen;
131 }
132}
133void prompt_set_result(prompt_t *pr, const char *newstr)
134{
135 prompt_ensure_result_size(pr, strlen(newstr) + 1);
136 strcpy(pr->result, newstr);
137}
edd0cb8a 138void free_prompts(prompts_t *p)
139{
140 size_t i;
141 for (i=0; i < p->n_prompts; i++) {
142 prompt_t *pr = p->prompts[i];
dfb88efd 143 smemclr(pr->result, pr->resultsize); /* burn the evidence */
edd0cb8a 144 sfree(pr->result);
145 sfree(pr->prompt);
146 sfree(pr);
147 }
148 sfree(p->prompts);
149 sfree(p->name);
150 sfree(p->instruction);
151 sfree(p);
152}
153
03f64569 154/* ----------------------------------------------------------------------
155 * String handling routines.
156 */
157
57356d63 158char *dupstr(const char *s)
03f64569 159{
6d113886 160 char *p = NULL;
161 if (s) {
162 int len = strlen(s);
163 p = snewn(len + 1, char);
164 strcpy(p, s);
165 }
03f64569 166 return p;
167}
168
169/* Allocate the concatenation of N strings. Terminate arg list with NULL. */
57356d63 170char *dupcat(const char *s1, ...)
03f64569 171{
172 int len;
173 char *p, *q, *sn;
174 va_list ap;
175
176 len = strlen(s1);
177 va_start(ap, s1);
178 while (1) {
179 sn = va_arg(ap, char *);
180 if (!sn)
181 break;
182 len += strlen(sn);
183 }
184 va_end(ap);
185
3d88e64d 186 p = snewn(len + 1, char);
03f64569 187 strcpy(p, s1);
188 q = p + strlen(p);
189
190 va_start(ap, s1);
191 while (1) {
192 sn = va_arg(ap, char *);
193 if (!sn)
194 break;
195 strcpy(q, sn);
196 q += strlen(q);
197 }
198 va_end(ap);
199
200 return p;
201}
202
12b9e82d 203void burnstr(char *string) /* sfree(str), only clear it first */
204{
205 if (string) {
dfb88efd 206 smemclr(string, strlen(string));
12b9e82d 207 sfree(string);
208 }
209}
210
b1650067 211int toint(unsigned u)
212{
213 /*
214 * Convert an unsigned to an int, without running into the
215 * undefined behaviour which happens by the strict C standard if
216 * the value overflows. You'd hope that sensible compilers would
217 * do the sensible thing in response to a cast, but actually I
218 * don't trust modern compilers not to do silly things like
219 * assuming that _obviously_ you wouldn't have caused an overflow
220 * and so they can elide an 'if (i < 0)' test immediately after
221 * the cast.
222 *
223 * Sensible compilers ought of course to optimise this entire
224 * function into 'just return the input value'!
225 */
226 if (u <= (unsigned)INT_MAX)
227 return (int)u;
228 else if (u >= (unsigned)INT_MIN) /* wrap in cast _to_ unsigned is OK */
229 return INT_MIN + (int)(u - (unsigned)INT_MIN);
230 else
231 return INT_MIN; /* fallback; should never occur on binary machines */
232}
233
57356d63 234/*
235 * Do an sprintf(), but into a custom-allocated buffer.
236 *
28da9e3d 237 * Currently I'm doing this via vsnprintf. This has worked so far,
e1ef3c29 238 * but it's not good, because vsnprintf is not available on all
239 * platforms. There's an ifdef to use `_vsnprintf', which seems
240 * to be the local name for it on Windows. Other platforms may
241 * lack it completely, in which case it'll be time to rewrite
242 * this function in a totally different way.
28da9e3d 243 *
244 * The only `properly' portable solution I can think of is to
245 * implement my own format string scanner, which figures out an
246 * upper bound for the length of each formatting directive,
247 * allocates the buffer as it goes along, and calls sprintf() to
248 * actually process each directive. If I ever need to actually do
249 * this, some caveats:
250 *
251 * - It's very hard to find a reliable upper bound for
252 * floating-point values. %f, in particular, when supplied with
253 * a number near to the upper or lower limit of representable
254 * numbers, could easily take several hundred characters. It's
255 * probably feasible to predict this statically using the
256 * constants in <float.h>, or even to predict it dynamically by
257 * looking at the exponent of the specific float provided, but
258 * it won't be fun.
259 *
260 * - Don't forget to _check_, after calling sprintf, that it's
261 * used at most the amount of space we had available.
262 *
263 * - Fault any formatting directive we don't fully understand. The
264 * aim here is to _guarantee_ that we never overflow the buffer,
265 * because this is a security-critical function. If we see a
266 * directive we don't know about, we should panic and die rather
267 * than run any risk.
57356d63 268 */
269char *dupprintf(const char *fmt, ...)
270{
271 char *ret;
272 va_list ap;
273 va_start(ap, fmt);
274 ret = dupvprintf(fmt, ap);
275 va_end(ap);
276 return ret;
277}
278char *dupvprintf(const char *fmt, va_list ap)
279{
280 char *buf;
281 int len, size;
282
3d88e64d 283 buf = snewn(512, char);
57356d63 284 size = 512;
285
286 while (1) {
287#ifdef _WINDOWS
288#define vsnprintf _vsnprintf
289#endif
e1ef3c29 290#ifdef va_copy
291 /* Use the `va_copy' macro mandated by C99, if present.
292 * XXX some environments may have this as __va_copy() */
293 va_list aq;
294 va_copy(aq, ap);
295 len = vsnprintf(buf, size, fmt, aq);
296 va_end(aq);
297#else
298 /* Ugh. No va_copy macro, so do something nasty.
299 * Technically, you can't reuse a va_list like this: it is left
300 * unspecified whether advancing a va_list pointer modifies its
301 * value or something it points to, so on some platforms calling
302 * vsnprintf twice on the same va_list might fail hideously
303 * (indeed, it has been observed to).
304 * XXX the autoconf manual suggests that using memcpy() will give
305 * "maximum portability". */
57356d63 306 len = vsnprintf(buf, size, fmt, ap);
e1ef3c29 307#endif
57356d63 308 if (len >= 0 && len < size) {
309 /* This is the C99-specified criterion for snprintf to have
310 * been completely successful. */
311 return buf;
312 } else if (len > 0) {
313 /* This is the C99 error condition: the returned length is
314 * the required buffer size not counting the NUL. */
315 size = len + 1;
316 } else {
317 /* This is the pre-C99 glibc error condition: <0 means the
318 * buffer wasn't big enough, so we enlarge it a bit and hope. */
319 size += 512;
320 }
3d88e64d 321 buf = sresize(buf, size, char);
57356d63 322 }
323}
324
39934deb 325/*
326 * Read an entire line of text from a file. Return a buffer
327 * malloced to be as big as necessary (caller must free).
328 */
329char *fgetline(FILE *fp)
330{
331 char *ret = snewn(512, char);
332 int size = 512, len = 0;
333 while (fgets(ret + len, size - len, fp)) {
334 len += strlen(ret + len);
335 if (ret[len-1] == '\n')
336 break; /* got a newline, we're done */
337 size = len + 512;
338 ret = sresize(ret, size, char);
339 }
340 if (len == 0) { /* first fgets returned NULL */
341 sfree(ret);
342 return NULL;
343 }
344 ret[len] = '\0';
345 return ret;
346}
347
03f64569 348/* ----------------------------------------------------------------------
1549e076 349 * Base64 encoding routine. This is required in public-key writing
350 * but also in HTTP proxy handling, so it's centralised here.
351 */
352
353void base64_encode_atom(unsigned char *data, int n, char *out)
354{
355 static const char base64_chars[] =
356 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
357
358 unsigned word;
359
360 word = data[0] << 16;
361 if (n > 1)
362 word |= data[1] << 8;
363 if (n > 2)
364 word |= data[2];
365 out[0] = base64_chars[(word >> 18) & 0x3F];
366 out[1] = base64_chars[(word >> 12) & 0x3F];
367 if (n > 1)
368 out[2] = base64_chars[(word >> 6) & 0x3F];
369 else
370 out[2] = '=';
371 if (n > 2)
372 out[3] = base64_chars[word & 0x3F];
373 else
374 out[3] = '=';
375}
376
377/* ----------------------------------------------------------------------
5471d09a 378 * Generic routines to deal with send buffers: a linked list of
379 * smallish blocks, with the operations
380 *
381 * - add an arbitrary amount of data to the end of the list
382 * - remove the first N bytes from the list
383 * - return a (pointer,length) pair giving some initial data in
384 * the list, suitable for passing to a send or write system
385 * call
7983f47e 386 * - retrieve a larger amount of initial data from the list
5471d09a 387 * - return the current size of the buffer chain in bytes
388 */
389
c780e7e1 390#define BUFFER_MIN_GRANULE 512
5471d09a 391
392struct bufchain_granule {
393 struct bufchain_granule *next;
c780e7e1 394 char *bufpos, *bufend, *bufmax;
5471d09a 395};
396
397void bufchain_init(bufchain *ch)
398{
399 ch->head = ch->tail = NULL;
400 ch->buffersize = 0;
401}
402
403void bufchain_clear(bufchain *ch)
404{
405 struct bufchain_granule *b;
406 while (ch->head) {
407 b = ch->head;
408 ch->head = ch->head->next;
409 sfree(b);
410 }
411 ch->tail = NULL;
412 ch->buffersize = 0;
413}
414
415int bufchain_size(bufchain *ch)
416{
417 return ch->buffersize;
418}
419
e0e7dff8 420void bufchain_add(bufchain *ch, const void *data, int len)
5471d09a 421{
e0e7dff8 422 const char *buf = (const char *)data;
5471d09a 423
bfa5400d 424 if (len == 0) return;
425
5471d09a 426 ch->buffersize += len;
427
5471d09a 428 while (len > 0) {
c780e7e1 429 if (ch->tail && ch->tail->bufend < ch->tail->bufmax) {
430 int copylen = min(len, ch->tail->bufmax - ch->tail->bufend);
431 memcpy(ch->tail->bufend, buf, copylen);
432 buf += copylen;
433 len -= copylen;
434 ch->tail->bufend += copylen;
435 }
436 if (len > 0) {
437 int grainlen =
438 max(sizeof(struct bufchain_granule) + len, BUFFER_MIN_GRANULE);
439 struct bufchain_granule *newbuf;
440 newbuf = smalloc(grainlen);
441 newbuf->bufpos = newbuf->bufend =
442 (char *)newbuf + sizeof(struct bufchain_granule);
443 newbuf->bufmax = (char *)newbuf + grainlen;
444 newbuf->next = NULL;
445 if (ch->tail)
446 ch->tail->next = newbuf;
447 else
448 ch->head = newbuf;
449 ch->tail = newbuf;
450 }
5471d09a 451 }
452}
453
454void bufchain_consume(bufchain *ch, int len)
455{
7983f47e 456 struct bufchain_granule *tmp;
457
5471d09a 458 assert(ch->buffersize >= len);
7983f47e 459 while (len > 0) {
460 int remlen = len;
461 assert(ch->head != NULL);
c780e7e1 462 if (remlen >= ch->head->bufend - ch->head->bufpos) {
463 remlen = ch->head->bufend - ch->head->bufpos;
7983f47e 464 tmp = ch->head;
465 ch->head = tmp->next;
7983f47e 466 if (!ch->head)
467 ch->tail = NULL;
c780e7e1 468 sfree(tmp);
7983f47e 469 } else
470 ch->head->bufpos += remlen;
471 ch->buffersize -= remlen;
472 len -= remlen;
5471d09a 473 }
474}
475
476void bufchain_prefix(bufchain *ch, void **data, int *len)
477{
c780e7e1 478 *len = ch->head->bufend - ch->head->bufpos;
479 *data = ch->head->bufpos;
5471d09a 480}
481
7983f47e 482void bufchain_fetch(bufchain *ch, void *data, int len)
483{
484 struct bufchain_granule *tmp;
485 char *data_c = (char *)data;
486
487 tmp = ch->head;
488
489 assert(ch->buffersize >= len);
490 while (len > 0) {
491 int remlen = len;
492
493 assert(tmp != NULL);
c780e7e1 494 if (remlen >= tmp->bufend - tmp->bufpos)
495 remlen = tmp->bufend - tmp->bufpos;
496 memcpy(data_c, tmp->bufpos, remlen);
7983f47e 497
498 tmp = tmp->next;
499 len -= remlen;
500 data_c += remlen;
501 }
502}
503
03f64569 504/* ----------------------------------------------------------------------
b191636d 505 * My own versions of malloc, realloc and free. Because I want
506 * malloc and realloc to bomb out and exit the program if they run
507 * out of memory, realloc to reliably call malloc if passed a NULL
508 * pointer, and free to reliably do nothing if passed a NULL
509 * pointer. We can also put trace printouts in, if we need to; and
510 * we can also replace the allocator with an ElectricFence-like
511 * one.
512 */
513
514#ifdef MINEFIELD
d0912d1f 515void *minefield_c_malloc(size_t size);
516void minefield_c_free(void *p);
517void *minefield_c_realloc(void *p, size_t size);
518#endif
374330e2 519
520#ifdef MALLOC_LOG
521static FILE *fp = NULL;
522
d7da76ca 523static char *mlog_file = NULL;
524static int mlog_line = 0;
525
32874aea 526void mlog(char *file, int line)
527{
d7da76ca 528 mlog_file = file;
529 mlog_line = line;
c662dbc0 530 if (!fp) {
374330e2 531 fp = fopen("putty_mem.log", "w");
c662dbc0 532 setvbuf(fp, NULL, _IONBF, BUFSIZ);
533 }
374330e2 534 if (fp)
32874aea 535 fprintf(fp, "%s:%d: ", file, line);
374330e2 536}
537#endif
538
46cfeac8 539void *safemalloc(size_t n, size_t size)
32874aea 540{
b191636d 541 void *p;
46cfeac8 542
543 if (n > INT_MAX / size) {
544 p = NULL;
545 } else {
546 size *= n;
66ab14c7 547 if (size == 0) size = 1;
b191636d 548#ifdef MINEFIELD
46cfeac8 549 p = minefield_c_malloc(size);
b191636d 550#else
46cfeac8 551 p = malloc(size);
b191636d 552#endif
46cfeac8 553 }
554
374330e2 555 if (!p) {
d7da76ca 556 char str[200];
557#ifdef MALLOC_LOG
558 sprintf(str, "Out of memory! (%s:%d, size=%d)",
559 mlog_file, mlog_line, size);
1b2ef365 560 fprintf(fp, "*** %s\n", str);
561 fclose(fp);
d7da76ca 562#else
563 strcpy(str, "Out of memory!");
564#endif
1709795f 565 modalfatalbox(str);
374330e2 566 }
567#ifdef MALLOC_LOG
568 if (fp)
569 fprintf(fp, "malloc(%d) returns %p\n", size, p);
570#endif
571 return p;
572}
573
46cfeac8 574void *saferealloc(void *ptr, size_t n, size_t size)
32874aea 575{
374330e2 576 void *p;
46cfeac8 577
578 if (n > INT_MAX / size) {
579 p = NULL;
580 } else {
581 size *= n;
582 if (!ptr) {
b191636d 583#ifdef MINEFIELD
46cfeac8 584 p = minefield_c_malloc(size);
b191636d 585#else
46cfeac8 586 p = malloc(size);
b191636d 587#endif
46cfeac8 588 } else {
b191636d 589#ifdef MINEFIELD
46cfeac8 590 p = minefield_c_realloc(ptr, size);
b191636d 591#else
46cfeac8 592 p = realloc(ptr, size);
b191636d 593#endif
46cfeac8 594 }
b191636d 595 }
46cfeac8 596
374330e2 597 if (!p) {
d7da76ca 598 char str[200];
599#ifdef MALLOC_LOG
600 sprintf(str, "Out of memory! (%s:%d, size=%d)",
601 mlog_file, mlog_line, size);
1b2ef365 602 fprintf(fp, "*** %s\n", str);
603 fclose(fp);
d7da76ca 604#else
605 strcpy(str, "Out of memory!");
606#endif
1709795f 607 modalfatalbox(str);
374330e2 608 }
609#ifdef MALLOC_LOG
610 if (fp)
611 fprintf(fp, "realloc(%p,%d) returns %p\n", ptr, size, p);
612#endif
613 return p;
614}
615
32874aea 616void safefree(void *ptr)
617{
374330e2 618 if (ptr) {
619#ifdef MALLOC_LOG
620 if (fp)
621 fprintf(fp, "free(%p)\n", ptr);
622#endif
b191636d 623#ifdef MINEFIELD
32874aea 624 minefield_c_free(ptr);
b191636d 625#else
32874aea 626 free(ptr);
b191636d 627#endif
374330e2 628 }
629#ifdef MALLOC_LOG
630 else if (fp)
631 fprintf(fp, "freeing null pointer - no action taken\n");
632#endif
633}
c82bda52 634
03f64569 635/* ----------------------------------------------------------------------
636 * Debugging routines.
637 */
638
c82bda52 639#ifdef DEBUG
d0912d1f 640extern void dputs(char *); /* defined in per-platform *misc.c */
db9c0f86 641
d0912d1f 642void debug_printf(char *fmt, ...)
32874aea 643{
57356d63 644 char *buf;
db9c0f86 645 va_list ap;
646
647 va_start(ap, fmt);
57356d63 648 buf = dupvprintf(fmt, ap);
32874aea 649 dputs(buf);
57356d63 650 sfree(buf);
c82bda52 651 va_end(ap);
652}
db9c0f86 653
654
32874aea 655void debug_memdump(void *buf, int len, int L)
656{
db9c0f86 657 int i;
658 unsigned char *p = buf;
765c4200 659 char foo[17];
db9c0f86 660 if (L) {
661 int delta;
d0912d1f 662 debug_printf("\t%d (0x%x) bytes:\n", len, len);
cc0966fa 663 delta = 15 & (unsigned long int) p;
db9c0f86 664 p -= delta;
665 len += delta;
666 }
667 for (; 0 < len; p += 16, len -= 16) {
32874aea 668 dputs(" ");
669 if (L)
d0912d1f 670 debug_printf("%p: ", p);
32874aea 671 strcpy(foo, "................"); /* sixteen dots */
db9c0f86 672 for (i = 0; i < 16 && i < len; ++i) {
673 if (&p[i] < (unsigned char *) buf) {
32874aea 674 dputs(" "); /* 3 spaces */
765c4200 675 foo[i] = ' ';
db9c0f86 676 } else {
d0912d1f 677 debug_printf("%c%02.2x",
32874aea 678 &p[i] != (unsigned char *) buf
679 && i % 4 ? '.' : ' ', p[i]
680 );
765c4200 681 if (p[i] >= ' ' && p[i] <= '~')
32874aea 682 foo[i] = (char) p[i];
db9c0f86 683 }
684 }
765c4200 685 foo[i] = '\0';
d0912d1f 686 debug_printf("%*s%s\n", (16 - i) * 3 + 2, "", foo);
db9c0f86 687 }
688}
689
32874aea 690#endif /* def DEBUG */
7374c779 691
692/*
4a693cfc 693 * Determine whether or not a Conf represents a session which can
694 * sensibly be launched right now.
7374c779 695 */
4a693cfc 696int conf_launchable(Conf *conf)
7374c779 697{
4a693cfc 698 if (conf_get_int(conf, CONF_protocol) == PROT_SERIAL)
699 return conf_get_str(conf, CONF_serline)[0] != 0;
7374c779 700 else
4a693cfc 701 return conf_get_str(conf, CONF_host)[0] != 0;
7374c779 702}
703
4a693cfc 704char const *conf_dest(Conf *conf)
7374c779 705{
4a693cfc 706 if (conf_get_int(conf, CONF_protocol) == PROT_SERIAL)
707 return conf_get_str(conf, CONF_serline);
7374c779 708 else
4a693cfc 709 return conf_get_str(conf, CONF_host);
7374c779 710}
dfb88efd 711
712#ifndef PLATFORM_HAS_SMEMCLR
713/*
714 * Securely wipe memory.
715 *
716 * The actual wiping is no different from what memset would do: the
717 * point of 'securely' is to try to be sure over-clever compilers
718 * won't optimise away memsets on variables that are about to be freed
719 * or go out of scope. See
720 * https://buildsecurityin.us-cert.gov/bsi-rules/home/g1/771-BSI.html
721 *
722 * Some platforms (e.g. Windows) may provide their own version of this
723 * function.
724 */
725void smemclr(void *b, size_t n) {
726 volatile char *vp;
727
728 if (b && n > 0) {
729 /*
730 * Zero out the memory.
731 */
732 memset(b, 0, n);
733
734 /*
735 * Perform a volatile access to the object, forcing the
736 * compiler to admit that the previous memset was important.
737 *
738 * This while loop should in practice run for zero iterations
739 * (since we know we just zeroed the object out), but in
740 * theory (as far as the compiler knows) it might range over
741 * the whole object. (If we had just written, say, '*vp =
742 * *vp;', a compiler could in principle have 'helpfully'
743 * optimised the memset into only zeroing out the first byte.
744 * This should be robust.)
745 */
746 vp = b;
747 while (*vp) vp++;
748 }
749}
750#endif
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator