projects / u / mdw / putty / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Additional robustness to SFTP packet parsing and memory allocation.
[u/mdw/putty] / misc.c
1 /*
2 * Platform-independent routines shared between all PuTTY programs.
3 */
4
5 #include <stdio.h>
6 #include <stdlib.h>
7 #include <stdarg.h>
8 #include <limits.h>
9 #include <ctype.h>
10 #include <assert.h>
11 #include "putty.h"
12
13 /*
14 * Parse a string block size specification. This is approximately a
15 * subset of the block size specs supported by GNU fileutils:
16 * "nk" = n kilobytes
17 * "nM" = n megabytes
18 * "nG" = n gigabytes
19 * All numbers are decimal, and suffixes refer to powers of two.
20 * Case-insensitive.
21 */
22 unsigned long parse_blocksize(const char *bs)
23 {
24 char *suf;
25 unsigned long r = strtoul(bs, &suf, 10);
26 if (*suf != '\0') {
27 while (isspace(*suf)) suf++;
28 switch (*suf) {
29 case 'k': case 'K':
30 r *= 1024ul;
31 break;
32 case 'm': case 'M':
33 r *= 1024ul * 1024ul;
34 break;
35 case 'g': case 'G':
36 r *= 1024ul * 1024ul * 1024ul;
37 break;
38 case '\0':
39 default:
40 break;
41 }
42 }
43 return r;
44 }
45
46 /* ----------------------------------------------------------------------
47 * String handling routines.
48 */
49
50 char *dupstr(const char *s)
51 {
52 char *p = NULL;
53 if (s) {
54 int len = strlen(s);
55 p = snewn(len + 1, char);
56 strcpy(p, s);
57 }
58 return p;
59 }
60
61 /* Allocate the concatenation of N strings. Terminate arg list with NULL. */
62 char *dupcat(const char *s1, ...)
63 {
64 int len;
65 char *p, *q, *sn;
66 va_list ap;
67
68 len = strlen(s1);
69 va_start(ap, s1);
70 while (1) {
71 sn = va_arg(ap, char *);
72 if (!sn)
73 break;
74 len += strlen(sn);
75 }
76 va_end(ap);
77
78 p = snewn(len + 1, char);
79 strcpy(p, s1);
80 q = p + strlen(p);
81
82 va_start(ap, s1);
83 while (1) {
84 sn = va_arg(ap, char *);
85 if (!sn)
86 break;
87 strcpy(q, sn);
88 q += strlen(q);
89 }
90 va_end(ap);
91
92 return p;
93 }
94
95 /*
96 * Do an sprintf(), but into a custom-allocated buffer.
97 *
98 * Currently I'm doing this via vsnprintf. This has worked so far,
99 * but it's not good, because:
100 *
101 * - vsnprintf is not available on all platforms. There's an ifdef
102 * to use `_vsnprintf', which seems to be the local name for it
103 * on Windows. Other platforms may lack it completely, in which
104 * case it'll be time to rewrite this function in a totally
105 * different way.
106 *
107 * - technically you can't reuse a va_list like this: it is left
108 * unspecified whether advancing a va_list pointer modifies its
109 * value or something it points to, so on some platforms calling
110 * vsnprintf twice on the same va_list might fail hideously. It
111 * would be better to use the `va_copy' macro mandated by C99,
112 * but that too is not yet ubiquitous.
113 *
114 * The only `properly' portable solution I can think of is to
115 * implement my own format string scanner, which figures out an
116 * upper bound for the length of each formatting directive,
117 * allocates the buffer as it goes along, and calls sprintf() to
118 * actually process each directive. If I ever need to actually do
119 * this, some caveats:
120 *
121 * - It's very hard to find a reliable upper bound for
122 * floating-point values. %f, in particular, when supplied with
123 * a number near to the upper or lower limit of representable
124 * numbers, could easily take several hundred characters. It's
125 * probably feasible to predict this statically using the
126 * constants in <float.h>, or even to predict it dynamically by
127 * looking at the exponent of the specific float provided, but
128 * it won't be fun.
129 *
130 * - Don't forget to _check_, after calling sprintf, that it's
131 * used at most the amount of space we had available.
132 *
133 * - Fault any formatting directive we don't fully understand. The
134 * aim here is to _guarantee_ that we never overflow the buffer,
135 * because this is a security-critical function. If we see a
136 * directive we don't know about, we should panic and die rather
137 * than run any risk.
138 */
139 char *dupprintf(const char *fmt, ...)
140 {
141 char *ret;
142 va_list ap;
143 va_start(ap, fmt);
144 ret = dupvprintf(fmt, ap);
145 va_end(ap);
146 return ret;
147 }
148 char *dupvprintf(const char *fmt, va_list ap)
149 {
150 char *buf;
151 int len, size;
152
153 buf = snewn(512, char);
154 size = 512;
155
156 while (1) {
157 #ifdef _WINDOWS
158 #define vsnprintf _vsnprintf
159 #endif
160 len = vsnprintf(buf, size, fmt, ap);
161 if (len >= 0 && len < size) {
162 /* This is the C99-specified criterion for snprintf to have
163 * been completely successful. */
164 return buf;
165 } else if (len > 0) {
166 /* This is the C99 error condition: the returned length is
167 * the required buffer size not counting the NUL. */
168 size = len + 1;
169 } else {
170 /* This is the pre-C99 glibc error condition: <0 means the
171 * buffer wasn't big enough, so we enlarge it a bit and hope. */
172 size += 512;
173 }
174 buf = sresize(buf, size, char);
175 }
176 }
177
178 /*
179 * Read an entire line of text from a file. Return a buffer
180 * malloced to be as big as necessary (caller must free).
181 */
182 char *fgetline(FILE *fp)
183 {
184 char *ret = snewn(512, char);
185 int size = 512, len = 0;
186 while (fgets(ret + len, size - len, fp)) {
187 len += strlen(ret + len);
188 if (ret[len-1] == '\n')
189 break; /* got a newline, we're done */
190 size = len + 512;
191 ret = sresize(ret, size, char);
192 }
193 if (len == 0) { /* first fgets returned NULL */
194 sfree(ret);
195 return NULL;
196 }
197 ret[len] = '\0';
198 return ret;
199 }
200
201 /* ----------------------------------------------------------------------
202 * Base64 encoding routine. This is required in public-key writing
203 * but also in HTTP proxy handling, so it's centralised here.
204 */
205
206 void base64_encode_atom(unsigned char *data, int n, char *out)
207 {
208 static const char base64_chars[] =
209 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
210
211 unsigned word;
212
213 word = data[0] << 16;
214 if (n > 1)
215 word |= data[1] << 8;
216 if (n > 2)
217 word |= data[2];
218 out[0] = base64_chars[(word >> 18) & 0x3F];
219 out[1] = base64_chars[(word >> 12) & 0x3F];
220 if (n > 1)
221 out[2] = base64_chars[(word >> 6) & 0x3F];
222 else
223 out[2] = '=';
224 if (n > 2)
225 out[3] = base64_chars[word & 0x3F];
226 else
227 out[3] = '=';
228 }
229
230 /* ----------------------------------------------------------------------
231 * Generic routines to deal with send buffers: a linked list of
232 * smallish blocks, with the operations
233 *
234 * - add an arbitrary amount of data to the end of the list
235 * - remove the first N bytes from the list
236 * - return a (pointer,length) pair giving some initial data in
237 * the list, suitable for passing to a send or write system
238 * call
239 * - retrieve a larger amount of initial data from the list
240 * - return the current size of the buffer chain in bytes
241 */
242
243 #define BUFFER_GRANULE 512
244
245 struct bufchain_granule {
246 struct bufchain_granule *next;
247 int buflen, bufpos;
248 char buf[BUFFER_GRANULE];
249 };
250
251 void bufchain_init(bufchain *ch)
252 {
253 ch->head = ch->tail = NULL;
254 ch->buffersize = 0;
255 }
256
257 void bufchain_clear(bufchain *ch)
258 {
259 struct bufchain_granule *b;
260 while (ch->head) {
261 b = ch->head;
262 ch->head = ch->head->next;
263 sfree(b);
264 }
265 ch->tail = NULL;
266 ch->buffersize = 0;
267 }
268
269 int bufchain_size(bufchain *ch)
270 {
271 return ch->buffersize;
272 }
273
274 void bufchain_add(bufchain *ch, const void *data, int len)
275 {
276 const char *buf = (const char *)data;
277
278 if (len == 0) return;
279
280 ch->buffersize += len;
281
282 if (ch->tail && ch->tail->buflen < BUFFER_GRANULE) {
283 int copylen = min(len, BUFFER_GRANULE - ch->tail->buflen);
284 memcpy(ch->tail->buf + ch->tail->buflen, buf, copylen);
285 buf += copylen;
286 len -= copylen;
287 ch->tail->buflen += copylen;
288 }
289 while (len > 0) {
290 int grainlen = min(len, BUFFER_GRANULE);
291 struct bufchain_granule *newbuf;
292 newbuf = snew(struct bufchain_granule);
293 newbuf->bufpos = 0;
294 newbuf->buflen = grainlen;
295 memcpy(newbuf->buf, buf, grainlen);
296 buf += grainlen;
297 len -= grainlen;
298 if (ch->tail)
299 ch->tail->next = newbuf;
300 else
301 ch->head = ch->tail = newbuf;
302 newbuf->next = NULL;
303 ch->tail = newbuf;
304 }
305 }
306
307 void bufchain_consume(bufchain *ch, int len)
308 {
309 struct bufchain_granule *tmp;
310
311 assert(ch->buffersize >= len);
312 while (len > 0) {
313 int remlen = len;
314 assert(ch->head != NULL);
315 if (remlen >= ch->head->buflen - ch->head->bufpos) {
316 remlen = ch->head->buflen - ch->head->bufpos;
317 tmp = ch->head;
318 ch->head = tmp->next;
319 sfree(tmp);
320 if (!ch->head)
321 ch->tail = NULL;
322 } else
323 ch->head->bufpos += remlen;
324 ch->buffersize -= remlen;
325 len -= remlen;
326 }
327 }
328
329 void bufchain_prefix(bufchain *ch, void **data, int *len)
330 {
331 *len = ch->head->buflen - ch->head->bufpos;
332 *data = ch->head->buf + ch->head->bufpos;
333 }
334
335 void bufchain_fetch(bufchain *ch, void *data, int len)
336 {
337 struct bufchain_granule *tmp;
338 char *data_c = (char *)data;
339
340 tmp = ch->head;
341
342 assert(ch->buffersize >= len);
343 while (len > 0) {
344 int remlen = len;
345
346 assert(tmp != NULL);
347 if (remlen >= tmp->buflen - tmp->bufpos)
348 remlen = tmp->buflen - tmp->bufpos;
349 memcpy(data_c, tmp->buf + tmp->bufpos, remlen);
350
351 tmp = tmp->next;
352 len -= remlen;
353 data_c += remlen;
354 }
355 }
356
357 /* ----------------------------------------------------------------------
358 * My own versions of malloc, realloc and free. Because I want
359 * malloc and realloc to bomb out and exit the program if they run
360 * out of memory, realloc to reliably call malloc if passed a NULL
361 * pointer, and free to reliably do nothing if passed a NULL
362 * pointer. We can also put trace printouts in, if we need to; and
363 * we can also replace the allocator with an ElectricFence-like
364 * one.
365 */
366
367 #ifdef MINEFIELD
368 void *minefield_c_malloc(size_t size);
369 void minefield_c_free(void *p);
370 void *minefield_c_realloc(void *p, size_t size);
371 #endif
372
373 #ifdef MALLOC_LOG
374 static FILE *fp = NULL;
375
376 static char *mlog_file = NULL;
377 static int mlog_line = 0;
378
379 void mlog(char *file, int line)
380 {
381 mlog_file = file;
382 mlog_line = line;
383 if (!fp) {
384 fp = fopen("putty_mem.log", "w");
385 setvbuf(fp, NULL, _IONBF, BUFSIZ);
386 }
387 if (fp)
388 fprintf(fp, "%s:%d: ", file, line);
389 }
390 #endif
391
392 void *safemalloc(size_t n, size_t size)
393 {
394 void *p;
395
396 if (n > INT_MAX / size) {
397 p = NULL;
398 } else {
399 size *= n;
400 #ifdef MINEFIELD
401 p = minefield_c_malloc(size);
402 #else
403 p = malloc(size);
404 #endif
405 }
406
407 if (!p) {
408 char str[200];
409 #ifdef MALLOC_LOG
410 sprintf(str, "Out of memory! (%s:%d, size=%d)",
411 mlog_file, mlog_line, size);
412 fprintf(fp, "*** %s\n", str);
413 fclose(fp);
414 #else
415 strcpy(str, "Out of memory!");
416 #endif
417 modalfatalbox(str);
418 }
419 #ifdef MALLOC_LOG
420 if (fp)
421 fprintf(fp, "malloc(%d) returns %p\n", size, p);
422 #endif
423 return p;
424 }
425
426 void *saferealloc(void *ptr, size_t n, size_t size)
427 {
428 void *p;
429
430 if (n > INT_MAX / size) {
431 p = NULL;
432 } else {
433 size *= n;
434 if (!ptr) {
435 #ifdef MINEFIELD
436 p = minefield_c_malloc(size);
437 #else
438 p = malloc(size);
439 #endif
440 } else {
441 #ifdef MINEFIELD
442 p = minefield_c_realloc(ptr, size);
443 #else
444 p = realloc(ptr, size);
445 #endif
446 }
447 }
448
449 if (!p) {
450 char str[200];
451 #ifdef MALLOC_LOG
452 sprintf(str, "Out of memory! (%s:%d, size=%d)",
453 mlog_file, mlog_line, size);
454 fprintf(fp, "*** %s\n", str);
455 fclose(fp);
456 #else
457 strcpy(str, "Out of memory!");
458 #endif
459 modalfatalbox(str);
460 }
461 #ifdef MALLOC_LOG
462 if (fp)
463 fprintf(fp, "realloc(%p,%d) returns %p\n", ptr, size, p);
464 #endif
465 return p;
466 }
467
468 void safefree(void *ptr)
469 {
470 if (ptr) {
471 #ifdef MALLOC_LOG
472 if (fp)
473 fprintf(fp, "free(%p)\n", ptr);
474 #endif
475 #ifdef MINEFIELD
476 minefield_c_free(ptr);
477 #else
478 free(ptr);
479 #endif
480 }
481 #ifdef MALLOC_LOG
482 else if (fp)
483 fprintf(fp, "freeing null pointer - no action taken\n");
484 #endif
485 }
486
487 /* ----------------------------------------------------------------------
488 * Debugging routines.
489 */
490
491 #ifdef DEBUG
492 extern void dputs(char *); /* defined in per-platform *misc.c */
493
494 void debug_printf(char *fmt, ...)
495 {
496 char *buf;
497 va_list ap;
498
499 va_start(ap, fmt);
500 buf = dupvprintf(fmt, ap);
501 dputs(buf);
502 sfree(buf);
503 va_end(ap);
504 }
505
506
507 void debug_memdump(void *buf, int len, int L)
508 {
509 int i;
510 unsigned char *p = buf;
511 char foo[17];
512 if (L) {
513 int delta;
514 debug_printf("\t%d (0x%x) bytes:\n", len, len);
515 delta = 15 & (int) p;
516 p -= delta;
517 len += delta;
518 }
519 for (; 0 < len; p += 16, len -= 16) {
520 dputs(" ");
521 if (L)
522 debug_printf("%p: ", p);
523 strcpy(foo, "................"); /* sixteen dots */
524 for (i = 0; i < 16 && i < len; ++i) {
525 if (&p[i] < (unsigned char *) buf) {
526 dputs(" "); /* 3 spaces */
527 foo[i] = ' ';
528 } else {
529 debug_printf("%c%02.2x",
530 &p[i] != (unsigned char *) buf
531 && i % 4 ? '.' : ' ', p[i]
532 );
533 if (p[i] >= ' ' && p[i] <= '~')
534 foo[i] = (char) p[i];
535 }
536 }
537 foo[i] = '\0';
538 debug_printf("%*s%s\n", (16 - i) * 3 + 2, "", foo);
539 }
540 }
541
542 #endif /* def DEBUG */
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator