[SECNET PATCH 02/14] util: truncmsg: New way of manipulating buffers

Sat Sep 21 17:07:47 BST 2019

No callers yet.

Signed-off-by: Ian Jackson <ijackson at chiark.greenend.org.uk>
---
 util.c | 40 ++++++++++++++++++++++++++++++++++++++++
 util.h | 10 ++++++++++
 2 files changed, 50 insertions(+)

diff --git a/util.c b/util.c
index 09cd6ad..529c1e4 100644
--- a/util.c
+++ b/util.c
@@ -344,6 +344,46 @@ void buf_append_string(struct buffer_if *buf, cstring_t s)
     BUF_ADD_BYTES(append,buf,s,len);
 }
 
+void truncmsg_add_string(struct buffer_if *buf, cstring_t s)
+{
+    int32_t l = MIN((int32_t)strlen(s), buf_remaining_space(buf));
+    BUF_ADD_BYTES(append, buf, s, l);
+}
+void truncmsg_add_packet_string(struct buffer_if *buf, int32_t l,
+				const uint8_t *s)
+{
+    char c;
+    while (l-- > 0) {
+	c = *s++;
+	if (c >= ' ' && c <= 126 && c != '\\' && c != '"' && c != '\'') {
+	    if (!buf_remaining_space(buf)) break;
+	    buf->start[buf->size++] = c;
+	    continue;
+	}
+	char quoted[5];
+	quoted[0] = '\\';
+	quoted[2] = 0;
+	switch (c) {
+	case '\n': quoted[1] = 'n'; break;
+	case '\r': quoted[1] = 'r'; break;
+	case '\t': quoted[1] = 't'; break;
+	case '\\': case '"': case '\'': quoted[1] = c; break;
+	default: sprintf(quoted, "\\x%02x", (unsigned)c);
+	}
+	truncmsg_add_string(buf, quoted);
+    }
+}
+const char *truncmsg_terminate(const struct buffer_if *buf)
+{
+    if (buf_remaining_space(buf)) {
+	buf->start[buf->size] = 0;
+    } else {
+	assert(buf->size >= 4);
+	strcpy(buf->start + buf->size - 4, "...");
+    }
+    return buf->start;
+}
+
 void buffer_new(struct buffer_if *buf, int32_t len)
 {
     buf->free=True;
diff --git a/util.h b/util.h
index 85de6df..199bd6e 100644
--- a/util.h
+++ b/util.h
@@ -49,6 +49,16 @@ extern void *buf_prepend(struct buffer_if *buf, int32_t amount);
 extern void *buf_unappend(struct buffer_if *buf, int32_t amount);
 extern void *buf_unprepend(struct buffer_if *buf, int32_t amount);
 
+/* These construct a message in a buffer, truncating if necessary.
+ * _string is only safe for trusted input and *not* UTF-8 (sorry).
+ * _packet_string is safe for any input, including untrusted.
+ * _terminate arranges for the buffer to be null-terminated (and
+ * maybe for a trailing `...' to indicate truncation), and returns
+ * a pointer to the null-terminated string. */
+void truncmsg_add_string(struct buffer_if *buf, cstring_t s);
+void truncmsg_add_packet_string(struct buffer_if*, int32_t, const uint8_t*);
+const char *truncmsg_terminate(const struct buffer_if *buf);
+
 /*
  * void BUF_ADD_BYTES(append,    struct buffer_if*, const void*, int32_t size);
  * void BUF_ADD_BYTES(prepend,   struct buffer_if*, const void*, int32_t size);
-- 
2.11.0


