X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/3d88e64dfcf5dc0fd361ce0c504c67a9196ce44c..9d210cac4691e1c74644c9d0b6a25d3a36af648e:/misc.c diff --git a/misc.c b/misc.c index 3fea3746..474bf024 100644 --- a/misc.c +++ b/misc.c @@ -1,3 +1,7 @@ +/* + * Platform-independent routines shared between all PuTTY programs. + */ + #include #include #include @@ -11,9 +15,12 @@ char *dupstr(const char *s) { - int len = strlen(s); - char *p = snewn(len + 1, char); - strcpy(p, s); + char *p = NULL; + if (s) { + int len = strlen(s); + p = snewn(len + 1, char); + strcpy(p, s); + } return p; } @@ -54,13 +61,46 @@ char *dupcat(const char *s1, ...) /* * Do an sprintf(), but into a custom-allocated buffer. * - * Irritatingly, we don't seem to be able to do this portably using - * vsnprintf(), because there appear to be issues with re-using the - * same va_list for two calls, and the excellent C99 va_copy is not - * yet widespread. Bah. Instead I'm going to do a horrid, horrid - * hack, in which I trawl the format string myself, work out the - * maximum length of each format component, and resize the buffer - * before printing it. + * Currently I'm doing this via vsnprintf. This has worked so far, + * but it's not good, because: + * + * - vsnprintf is not available on all platforms. There's an ifdef + * to use `_vsnprintf', which seems to be the local name for it + * on Windows. Other platforms may lack it completely, in which + * case it'll be time to rewrite this function in a totally + * different way. + * + * - technically you can't reuse a va_list like this: it is left + * unspecified whether advancing a va_list pointer modifies its + * value or something it points to, so on some platforms calling + * vsnprintf twice on the same va_list might fail hideously. It + * would be better to use the `va_copy' macro mandated by C99, + * but that too is not yet ubiquitous. + * + * The only `properly' portable solution I can think of is to + * implement my own format string scanner, which figures out an + * upper bound for the length of each formatting directive, + * allocates the buffer as it goes along, and calls sprintf() to + * actually process each directive. If I ever need to actually do + * this, some caveats: + * + * - It's very hard to find a reliable upper bound for + * floating-point values. %f, in particular, when supplied with + * a number near to the upper or lower limit of representable + * numbers, could easily take several hundred characters. It's + * probably feasible to predict this statically using the + * constants in , or even to predict it dynamically by + * looking at the exponent of the specific float provided, but + * it won't be fun. + * + * - Don't forget to _check_, after calling sprintf, that it's + * used at most the amount of space we had available. + * + * - Fault any formatting directive we don't fully understand. The + * aim here is to _guarantee_ that we never overflow the buffer, + * because this is a security-critical function. If we see a + * directive we don't know about, we should panic and die rather + * than run any risk. */ char *dupprintf(const char *fmt, ...) { @@ -101,6 +141,29 @@ char *dupvprintf(const char *fmt, va_list ap) } } +/* + * Read an entire line of text from a file. Return a buffer + * malloced to be as big as necessary (caller must free). + */ +char *fgetline(FILE *fp) +{ + char *ret = snewn(512, char); + int size = 512, len = 0; + while (fgets(ret + len, size - len, fp)) { + len += strlen(ret + len); + if (ret[len-1] == '\n') + break; /* got a newline, we're done */ + size = len + 512; + ret = sresize(ret, size, char); + } + if (len == 0) { /* first fgets returned NULL */ + sfree(ret); + return NULL; + } + ret[len] = '\0'; + return ret; +} + /* ---------------------------------------------------------------------- * Base64 encoding routine. This is required in public-key writing * but also in HTTP proxy handling, so it's centralised here. @@ -178,6 +241,8 @@ void bufchain_add(bufchain *ch, const void *data, int len) { const char *buf = (const char *)data; + if (len == 0) return; + ch->buffersize += len; if (ch->tail && ch->tail->buflen < BUFFER_GRANULE) {