From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sat, 21 Sep 2019 12:19:37 +0000 (+0100)
Subject: util: truncmsg: New way of manipulating buffers
X-Git-Tag: v0.5.0~14
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=commitdiff_plain;h=4add64aaef1218968a81af964ec66ab39e0755c4

util: truncmsg: New way of manipulating buffers

No callers yet.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---

diff --git a/util.c b/util.c
index 6f4854f..d0c3d96 100644
--- a/util.c
+++ b/util.c
@@ -361,6 +361,46 @@ void buf_append_string(struct buffer_if *buf, cstring_t s)
     BUF_ADD_BYTES(append,buf,s,len);
 }
 
+void truncmsg_add_string(struct buffer_if *buf, cstring_t s)
+{
+    int32_t l = MIN((int32_t)strlen(s), buf_remaining_space(buf));
+    BUF_ADD_BYTES(append, buf, s, l);
+}
+void truncmsg_add_packet_string(struct buffer_if *buf, int32_t l,
+				const uint8_t *s)
+{
+    char c;
+    while (l-- > 0) {
+	c = *s++;
+	if (c >= ' ' && c <= 126 && c != '\\' && c != '"' && c != '\'') {
+	    if (!buf_remaining_space(buf)) break;
+	    buf->start[buf->size++] = c;
+	    continue;
+	}
+	char quoted[5];
+	quoted[0] = '\\';
+	quoted[2] = 0;
+	switch (c) {
+	case '\n': quoted[1] = 'n'; break;
+	case '\r': quoted[1] = 'r'; break;
+	case '\t': quoted[1] = 't'; break;
+	case '\\': case '"': case '\'': quoted[1] = c; break;
+	default: sprintf(quoted, "\\x%02x", (unsigned)c);
+	}
+	truncmsg_add_string(buf, quoted);
+    }
+}
+const char *truncmsg_terminate(const struct buffer_if *buf)
+{
+    if (buf_remaining_space(buf)) {
+	buf->start[buf->size] = 0;
+    } else {
+	assert(buf->size >= 4);
+	strcpy(buf->start + buf->size - 4, "...");
+    }
+    return buf->start;
+}
+
 void buffer_new(struct buffer_if *buf, int32_t len)
 {
     buf->free=True;
diff --git a/util.h b/util.h
index 598e2b6..d783cd0 100644
--- a/util.h
+++ b/util.h
@@ -49,6 +49,16 @@ extern void *buf_prepend(struct buffer_if *buf, int32_t amount);
 extern void *buf_unappend(struct buffer_if *buf, int32_t amount);
 extern void *buf_unprepend(struct buffer_if *buf, int32_t amount);
 
+/* These construct a message in a buffer, truncating if necessary.
+ * _string is only safe for trusted input and *not* UTF-8 (sorry).
+ * _packet_string is safe for any input, including untrusted.
+ * _terminate arranges for the buffer to be null-terminated (and
+ * maybe for a trailing `...' to indicate truncation), and returns
+ * a pointer to the null-terminated string. */
+void truncmsg_add_string(struct buffer_if *buf, cstring_t s);
+void truncmsg_add_packet_string(struct buffer_if*, int32_t, const uint8_t*);
+const char *truncmsg_terminate(const struct buffer_if *buf);
+
 /*
  * void BUF_ADD_BYTES(append,    struct buffer_if*, const void*, int32_t size);
  * void BUF_ADD_BYTES(prepend,   struct buffer_if*, const void*, int32_t size);