util.c 70.6 KB
Newer Older
1
2
/* Copyright (c) 2003, Roger Dingledine
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Karsten Loesing's avatar
Karsten Loesing committed
3
 * Copyright (c) 2007-2009, The Tor Project, Inc. */
4
5
/* See LICENSE for licensing information */

6
7
8
/**
 * \file util.c
 * \brief Common functions for strings, IO, network, data structures,
9
 * process control.
10
 **/
11

12
13
14
15
/* This is required on rh7 to make strptime not complain.
 */
#define _GNU_SOURCE

16
#include "orconfig.h"
Nick Mathewson's avatar
Nick Mathewson committed
17
18
19
#include "util.h"
#include "log.h"
#include "crypto.h"
20
#include "torint.h"
21
#include "container.h"
22
#include "address.h"
23
24
25
26

#ifdef MS_WINDOWS
#include <io.h>
#include <direct.h>
27
#include <process.h>
28
29
#else
#include <dirent.h>
30
#include <pwd.h>
31
32
#endif

33
34
35
36
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <assert.h>
37

38
39
40
41
42
43
44
45
46
47
48
49
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
50
51
52
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
53
54
55
56
57
58
59
60
61
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_SYS_FCNTL_H
#include <sys/fcntl.h>
#endif
62
63
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
64
#endif
65
66
67
#ifdef HAVE_TIME_H
#include <time.h>
#endif
68
69
70
71
#ifdef HAVE_MALLOC_MALLOC_H
#include <malloc/malloc.h>
#endif
#ifdef HAVE_MALLOC_H
72
73
74
75
#ifndef OPENBSD
/* OpenBSD has a malloc.h, but for our purposes, it only exists in order to
 * scold us for being so stupid as to autodetect its presence.  To be fair,
 * they've done this since 1996, when autoconf was only 5 years old. */
76
77
#include <malloc.h>
#endif
78
#endif
79
80
81
#ifdef HAVE_MALLOC_NP_H
#include <malloc_np.h>
#endif
82

83
84
85
/* =====
 * Memory management
 * ===== */
86
#ifdef USE_DMALLOC
87
 #undef strndup
88
 #include <dmalloc.h>
89
 /* Macro to pass the extra dmalloc args to another function. */
90
 #define DMALLOC_FN_ARGS , file, line
91
92
93
94
95
96
97
98
99
100
101

 #if defined(HAVE_DMALLOC_STRDUP)
 /* the dmalloc_strdup should be fine as defined */
 #elif defined(HAVE_DMALLOC_STRNDUP)
 #define dmalloc_strdup(file, line, string, xalloc_b) \
         dmalloc_strndup(file, line, (string), -1, xalloc_b)
 #else
 #error "No dmalloc_strdup or equivalent"
 #endif

#else /* not using dmalloc */
102

103
 #define DMALLOC_FN_ARGS
104
#endif
105

106
/** Allocate a chunk of <b>size</b> bytes of memory, and return a pointer to
107
108
 * result.  On error, log and terminate the process.  (Same as malloc(size),
 * but never returns NULL.)
109
110
111
 *
 * <b>file</b> and <b>line</b> are used if dmalloc is enabled, and
 * ignored otherwise.
112
 */
113
void *
114
_tor_malloc(size_t size DMALLOC_PARAMS)
115
{
116
117
  void *result;

118
#ifndef MALLOC_ZERO_WORKS
119
  /* Some libc mallocs don't work when size==0. Override them. */
120
121
122
  if (size==0) {
    size=1;
  }
123
#endif
124
125

#ifdef USE_DMALLOC
126
  result = dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
127
128
129
#else
  result = malloc(size);
#endif
130

131
  if (PREDICT_UNLIKELY(result == NULL)) {
132
    log_err(LD_MM,"Out of memory on malloc(). Dying.");
133
134
135
    /* If these functions die within a worker process, they won't call
     * spawn_exit, but that's ok, since the parent will run out of memory soon
     * anyway. */
136
137
138
139
140
    exit(1);
  }
  return result;
}

141
/** Allocate a chunk of <b>size</b> bytes of memory, fill the memory with
142
143
144
 * zero bytes, and return a pointer to the result.  Log and terminate
 * the process on error.  (Same as calloc(size,1), but never returns NULL.)
 */
145
void *
146
_tor_malloc_zero(size_t size DMALLOC_PARAMS)
147
{
148
149
150
151
152
153
  /* You may ask yourself, "wouldn't it be smart to use calloc instead of
   * malloc+memset?  Perhaps libc's calloc knows some nifty optimization trick
   * we don't!"  Indeed it does, but its optimizations are only a big win when
   * we're allocating something very big (it knows if it just got the memory
   * from the OS in a pre-zeroed state).  We don't want to use tor_malloc_zero
   * for big stuff, so we don't bother with calloc. */
154
  void *result = _tor_malloc(size DMALLOC_FN_ARGS);
155
156
157
158
  memset(result, 0, size);
  return result;
}

159
/** Change the size of the memory block pointed to by <b>ptr</b> to <b>size</b>
160
161
162
 * bytes long; return the new memory block.  On error, log and
 * terminate. (Like realloc(ptr,size), but never returns NULL.)
 */
163
void *
164
_tor_realloc(void *ptr, size_t size DMALLOC_PARAMS)
165
{
166
  void *result;
167

168
#ifdef USE_DMALLOC
169
  result = dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
170
171
172
173
#else
  result = realloc(ptr, size);
#endif

174
  if (PREDICT_UNLIKELY(result == NULL)) {
175
    log_err(LD_MM,"Out of memory on realloc(). Dying.");
176
177
178
179
180
    exit(1);
  }
  return result;
}

181
/** Return a newly allocated copy of the NUL-terminated string s. On
182
183
184
 * error, log and terminate.  (Like strdup(s), but never returns
 * NULL.)
 */
185
char *
186
_tor_strdup(const char *s DMALLOC_PARAMS)
187
{
188
  char *dup;
189
  tor_assert(s);
190

191
#ifdef USE_DMALLOC
192
  dup = dmalloc_strdup(file, line, s, 0);
193
#else
194
195
  dup = strdup(s);
#endif
196
  if (PREDICT_UNLIKELY(dup == NULL)) {
197
    log_err(LD_MM,"Out of memory on strdup(). Dying.");
198
199
200
201
202
    exit(1);
  }
  return dup;
}

203
204
205
206
207
/** Allocate and return a new string containing the first <b>n</b>
 * characters of <b>s</b>.  If <b>s</b> is longer than <b>n</b>
 * characters, only the first <b>n</b> are copied.  The result is
 * always NUL-terminated.  (Like strndup(s,n), but never returns
 * NULL.)
208
 */
209
char *
210
_tor_strndup(const char *s, size_t n DMALLOC_PARAMS)
211
{
212
  char *dup;
213
  tor_assert(s);
214
  dup = _tor_malloc((n+1) DMALLOC_FN_ARGS);
215
  /* Performance note: Ordinarily we prefer strlcpy to strncpy.  But
216
217
218
   * this function gets called a whole lot, and platform strncpy is
   * much faster than strlcpy when strlen(s) is much longer than n.
   */
Nick Mathewson's avatar
Nick Mathewson committed
219
  strncpy(dup, s, n);
220
  dup[n]='\0';
221
  return dup;
Nick Mathewson's avatar
Nick Mathewson committed
222
223
}

224
225
/** Allocate a chunk of <b>len</b> bytes, with the same contents as the
 * <b>len</b> bytes starting at <b>mem</b>. */
Nick Mathewson's avatar
Nick Mathewson committed
226
227
228
229
230
231
232
233
void *
_tor_memdup(const void *mem, size_t len DMALLOC_PARAMS)
{
  char *dup;
  tor_assert(mem);
  dup = _tor_malloc(len DMALLOC_FN_ARGS);
  memcpy(dup, mem, len);
  return dup;
234
235
}

236
237
238
/** Helper for places that need to take a function pointer to the right
 * spelling of "free()". */
void
239
240
_tor_free(void *mem)
{
241
242
243
  tor_free(mem);
}

244
245
246
247
248
249
250
251
#if defined(HAVE_MALLOC_GOOD_SIZE) && !defined(HAVE_MALLOC_GOOD_SIZE_PROTOTYPE)
/* Some version of Mac OSX have malloc_good_size in their libc, but not
 * actually defined in malloc/malloc.h.  We detect this and work around it by
 * prototyping.
 */
extern size_t malloc_good_size(size_t size);
#endif

252
/** Allocate and return a chunk of memory of size at least *<b>size</b>, using
253
254
255
256
257
258
259
260
 * the same resources we would use to malloc *<b>sizep</b>.  Set *<b>sizep</b>
 * to the number of usable bytes in the chunk of memory. */
void *
_tor_malloc_roundup(size_t *sizep DMALLOC_PARAMS)
{
#ifdef HAVE_MALLOC_GOOD_SIZE
  *sizep = malloc_good_size(*sizep);
  return _tor_malloc(*sizep DMALLOC_FN_ARGS);
261
262
263
#elif 0 && defined(HAVE_MALLOC_USABLE_SIZE) && !defined(USE_DMALLOC)
  /* Never use malloc_usable_size(); it makes valgrind really unhappy,
   * and doesn't win much in terms of usable space where it exists. */
264
265
266
267
  void *result = _tor_malloc(*sizep DMALLOC_FN_ARGS);
  *sizep = malloc_usable_size(result);
  return result;
#else
268
  return _tor_malloc(*sizep DMALLOC_FN_ARGS);
269
270
271
#endif
}

272
273
/** Call the platform malloc info function, and dump the results to the log at
 * level <b>severity</b>.  If no such function exists, do nothing. */
274
275
276
277
278
279
280
281
282
283
284
285
286
287
void
tor_log_mallinfo(int severity)
{
#ifdef HAVE_MALLINFO
  struct mallinfo mi;
  memset(&mi, 0, sizeof(mi));
  mi = mallinfo();
  log(severity, LD_MM,
      "mallinfo() said: arena=%d, ordblks=%d, smblks=%d, hblks=%d, "
      "hblkhd=%d, usmblks=%d, fsmblks=%d, uordblks=%d, fordblks=%d, "
      "keepcost=%d",
      mi.arena, mi.ordblks, mi.smblks, mi.hblks,
      mi.hblkhd, mi.usmblks, mi.fsmblks, mi.uordblks, mi.fordblks,
      mi.keepcost);
288
289
#else
  (void)severity;
290
#endif
291
#ifdef USE_DMALLOC
292
293
294
295
296
  dmalloc_log_changed(0, /* Since the program started. */
                      1, /* Log info about non-freed pointers. */
                      0, /* Do not log info about freed pointers. */
                      0  /* Do not log individual pointers. */
                      );
297
#endif
298
299
}

300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
/* =====
 * Math
 * ===== */

/** Returns floor(log2(u64)).  If u64 is 0, (incorrectly) returns 0. */
int
tor_log2(uint64_t u64)
{
  int r = 0;
  if (u64 >= (U64_LITERAL(1)<<32)) {
    u64 >>= 32;
    r = 32;
  }
  if (u64 >= (U64_LITERAL(1)<<16)) {
    u64 >>= 16;
    r += 16;
  }
  if (u64 >= (U64_LITERAL(1)<<8)) {
    u64 >>= 8;
    r += 8;
  }
  if (u64 >= (U64_LITERAL(1)<<4)) {
    u64 >>= 4;
    r += 4;
  }
  if (u64 >= (U64_LITERAL(1)<<2)) {
    u64 >>= 2;
    r += 2;
  }
  if (u64 >= (U64_LITERAL(1)<<1)) {
    u64 >>= 1;
    r += 1;
  }
  return r;
}

/** Return the power of 2 closest to <b>u64</b>. */
uint64_t
round_to_power_of_2(uint64_t u64)
{
  int lg2 = tor_log2(u64);
  uint64_t low = U64_LITERAL(1) << lg2, high = U64_LITERAL(1) << (lg2+1);
  if (high - u64 < u64 - low)
    return high;
  else
    return low;
}

348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
/** Return the lowest x such that x is at least <b>number</b>, and x modulo
 * <b>divisor</b> == 0. */
unsigned
round_to_next_multiple_of(unsigned number, unsigned divisor)
{
  number += divisor - 1;
  number -= number % divisor;
  return number;
}

/** Return the lowest x such that x is at least <b>number</b>, and x modulo
 * <b>divisor</b> == 0. */
uint32_t
round_uint32_to_next_multiple_of(uint32_t number, uint32_t divisor)
{
  number += divisor - 1;
  number -= number % divisor;
  return number;
}

/** Return the lowest x such that x is at least <b>number</b>, and x modulo
 * <b>divisor</b> == 0. */
uint64_t
round_uint64_to_next_multiple_of(uint64_t number, uint64_t divisor)
{
  number += divisor - 1;
  number -= number % divisor;
  return number;
}

378
379
380
381
/* =====
 * String manipulation
 * ===== */

382
/** Remove from the string <b>s</b> every character which appears in
383
384
 * <b>strip</b>. */
void
385
tor_strstrip(char *s, const char *strip)
386
387
388
389
390
391
392
393
394
395
396
{
  char *read = s;
  while (*read) {
    if (strchr(strip, *read)) {
      ++read;
    } else {
      *s++ = *read++;
    }
  }
  *s = '\0';
}
397

398
/** Return a pointer to a NUL-terminated hexadecimal string encoding
399
 * the first <b>fromlen</b> bytes of <b>from</b>. (fromlen must be \<= 32.) The
400
401
402
 * result does not need to be deallocated, but repeated calls to
 * hex_str will trash old results.
 */
403
404
const char *
hex_str(const char *from, size_t fromlen)
405
406
407
408
{
  static char buf[65];
  if (fromlen>(sizeof(buf)-1)/2)
    fromlen = (sizeof(buf)-1)/2;
Nick Mathewson's avatar
Nick Mathewson committed
409
  base16_encode(buf,sizeof(buf),from,fromlen);
410
411
412
  return buf;
}

413
414
/** Convert all alphabetic characters in the nul-terminated string <b>s</b> to
 * lowercase. */
415
416
void
tor_strlower(char *s)
417
418
{
  while (*s) {
419
    *s = TOR_TOLOWER(*s);
420
421
422
423
    ++s;
  }
}

Nick Mathewson's avatar
Nick Mathewson committed
424
425
/** Convert all alphabetic characters in the nul-terminated string <b>s</b> to
 * lowercase. */
426
427
void
tor_strupper(char *s)
Nick Mathewson's avatar
Nick Mathewson committed
428
429
{
  while (*s) {
430
    *s = TOR_TOUPPER(*s);
Nick Mathewson's avatar
Nick Mathewson committed
431
432
433
434
    ++s;
  }
}

435
436
437
438
439
440
441
442
443
444
445
446
447
/** Return 1 if every character in <b>s</b> is printable, else return 0.
 */
int
tor_strisprint(const char *s)
{
  while (*s) {
    if (!TOR_ISPRINT(*s))
      return 0;
    s++;
  }
  return 1;
}

448
449
450
451
452
453
/** Return 1 if no character in <b>s</b> is uppercase, else return 0.
 */
int
tor_strisnonupper(const char *s)
{
  while (*s) {
454
    if (TOR_ISUPPER(*s))
455
456
457
458
459
460
      return 0;
    s++;
  }
  return 1;
}

461
/** Compares the first strlen(s2) characters of s1 with s2.  Returns as for
462
463
 * strcmp.
 */
464
465
int
strcmpstart(const char *s1, const char *s2)
466
467
468
469
470
{
  size_t n = strlen(s2);
  return strncmp(s1, s2, n);
}

471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
/** Compare the s1_len-byte string <b>s1</b> with <b>s2</b>,
 * without depending on a terminating nul in s1.  Sorting order is first by
 * length, then lexically; return values are as for strcmp.
 */
int
strcmp_len(const char *s1, const char *s2, size_t s1_len)
{
  size_t s2_len = strlen(s2);
  if (s1_len < s2_len)
    return -1;
  if (s1_len > s2_len)
    return 1;
  return memcmp(s1, s2, s2_len);
}

486
/** Compares the first strlen(s2) characters of s1 with s2.  Returns as for
487
488
 * strcasecmp.
 */
489
490
int
strcasecmpstart(const char *s1, const char *s2)
491
492
493
494
495
{
  size_t n = strlen(s2);
  return strncasecmp(s1, s2, n);
}

496
/** Compares the last strlen(s2) characters of s1 with s2.  Returns as for
497
498
 * strcmp.
 */
499
500
int
strcmpend(const char *s1, const char *s2)
501
502
503
504
505
506
507
508
{
  size_t n1 = strlen(s1), n2 = strlen(s2);
  if (n2>n1)
    return strcmp(s1,s2);
  else
    return strncmp(s1+(n1-n2), s2, n2);
}

509
/** Compares the last strlen(s2) characters of s1 with s2.  Returns as for
510
511
 * strcasecmp.
 */
512
513
int
strcasecmpend(const char *s1, const char *s2)
514
515
{
  size_t n1 = strlen(s1), n2 = strlen(s2);
Roger Dingledine's avatar
Roger Dingledine committed
516
  if (n2>n1) /* then they can't be the same; figure out which is bigger */
517
518
519
520
521
    return strcasecmp(s1,s2);
  else
    return strncasecmp(s1+(n1-n2), s2, n2);
}

522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
/** Compare the value of the string <b>prefix</b> with the start of the
 * <b>memlen</b>-byte memory chunk at <b>mem</b>.  Return as for strcmp.
 *
 * [As memcmp(mem, prefix, strlen(prefix)) but returns -1 if memlen is less
 * than strlen(prefix).]
 */
int
memcmpstart(const void *mem, size_t memlen,
                const char *prefix)
{
  size_t plen = strlen(prefix);
  if (memlen < plen)
    return -1;
  return memcmp(mem, prefix, plen);
}

538
/** Return a pointer to the first char of s that is not whitespace and
539
540
 * not a comment, or to the terminating NUL if no such character exists.
 */
541
542
543
const char *
eat_whitespace(const char *s)
{
544
  tor_assert(s);
545

546
547
548
549
550
551
552
553
554
555
556
557
558
  while (1) {
    switch (*s) {
    case '\0':
    default:
      return s;
    case ' ':
    case '\t':
    case '\n':
    case '\r':
      ++s;
      break;
    case '#':
      ++s;
559
      while (*s && *s != '\n')
560
        ++s;
561
562
563
564
    }
  }
}

565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
/** Return a pointer to the first char of s that is not whitespace and
 * not a comment, or to the terminating NUL if no such character exists.
 */
const char *
eat_whitespace_eos(const char *s, const char *eos)
{
  tor_assert(s);
  tor_assert(eos && s <= eos);

  while (s < eos) {
    switch (*s) {
    case '\0':
    default:
      return s;
    case ' ':
    case '\t':
    case '\n':
    case '\r':
      ++s;
      break;
    case '#':
      ++s;
      while (s < eos && *s && *s != '\n')
        ++s;
    }
  }
  return s;
}

594
595
/** Return a pointer to the first char of s that is not a space or a tab
 * or a \\r, or to the terminating NUL if no such character exists. */
596
597
598
const char *
eat_whitespace_no_nl(const char *s)
{
599
  while (*s == ' ' || *s == '\t' || *s == '\r')
600
601
602
603
    ++s;
  return s;
}

604
605
/** As eat_whitespace_no_nl, but stop at <b>eos</b> whether we have
 * found a non-whitespace character or not. */
606
607
608
const char *
eat_whitespace_eos_no_nl(const char *s, const char *eos)
{
609
  while (s < eos && (*s == ' ' || *s == '\t' || *s == '\r'))
610
611
612
613
    ++s;
  return s;
}

614
/** Return a pointer to the first char of s that is whitespace or <b>#</b>,
615
 * or to the terminating NUL if no such character exists.
616
 */
617
618
619
const char *
find_whitespace(const char *s)
{
620
  /* tor_assert(s); */
621
622
623
624
625
626
627
628
629
630
631
632
633
634
  while (1) {
    switch (*s)
    {
    case '\0':
    case '#':
    case ' ':
    case '\r':
    case '\n':
    case '\t':
      return s;
    default:
      ++s;
    }
  }
635
636
}

637
638
/** As find_whitespace, but stop at <b>eos</b> whether we have found a
 * whitespace or not. */
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
const char *
find_whitespace_eos(const char *s, const char *eos)
{
  /* tor_assert(s); */
  while (s < eos) {
    switch (*s)
    {
    case '\0':
    case '#':
    case ' ':
    case '\r':
    case '\n':
    case '\t':
      return s;
    default:
      ++s;
    }
  }
657
  return s;
658
659
}

660
/** Return true iff the 'len' bytes at 'mem' are all zero. */
Nick Mathewson's avatar
Nick Mathewson committed
661
662
int
tor_mem_is_zero(const char *mem, size_t len)
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
{
  static const char ZERO[] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
  };
  while (len >= sizeof(ZERO)) {
    if (memcmp(mem, ZERO, sizeof(ZERO)))
      return 0;
    len -= sizeof(ZERO);
    mem += sizeof(ZERO);
  }
  /* Deal with leftover bytes. */
  if (len)
    return ! memcmp(mem, ZERO, len);

  return 1;
}

680
681
682
683
/** Return true iff the DIGEST_LEN bytes in digest are all zero. */
int
tor_digest_is_zero(const char *digest)
{
684
  return tor_mem_is_zero(digest, DIGEST_LEN);
685
686
}

687
688
689
690
691
692
693
/** Return true iff the DIGEST256_LEN bytes in digest are all zero. */
int
tor_digest256_is_zero(const char *digest)
{
  return tor_mem_is_zero(digest, DIGEST256_LEN);
}

694
695
/* Helper: common code to check whether the result of a strtol or strtoul or
 * strtoll is correct. */
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
#define CHECK_STRTOX_RESULT()                           \
  /* Was at least one character converted? */           \
  if (endptr == s)                                      \
    goto err;                                           \
  /* Were there unexpected unconverted characters? */   \
  if (!next && *endptr)                                 \
    goto err;                                           \
  /* Is r within limits? */                             \
  if (r < min || r > max)                               \
    goto err;                                           \
  if (ok) *ok = 1;                                      \
  if (next) *next = endptr;                             \
  return r;                                             \
 err:                                                   \
  if (ok) *ok = 0;                                      \
  if (next) *next = endptr;                             \
712
  return 0
713

714
715
716
717
718
719
/** Extract a long from the start of s, in the given numeric base.  If
 * there is unconverted data and next is provided, set *next to the
 * first unconverted character.  An error has occurred if no characters
 * are converted; or if there are unconverted characters and next is NULL; or
 * if the parsed value is not between min and max.  When no error occurs,
 * return the parsed value and set *ok (if provided) to 1.  When an error
720
 * occurs, return 0 and set *ok (if provided) to 0.
721
 */
722
long
723
724
tor_parse_long(const char *s, int base, long min, long max,
               int *ok, char **next)
725
{
726
727
  char *endptr;
  long r;
728

729
  r = strtol(s, &endptr, base);
730
  CHECK_STRTOX_RESULT();
731
732
}

Roger Dingledine's avatar
Roger Dingledine committed
733
/** As tor_parse_long(), but return an unsigned long. */
734
735
736
737
738
739
740
unsigned long
tor_parse_ulong(const char *s, int base, unsigned long min,
                unsigned long max, int *ok, char **next)
{
  char *endptr;
  unsigned long r;

741
742
  r = strtoul(s, &endptr, base);
  CHECK_STRTOX_RESULT();
743
}
744

745
746
747
748
749
750
751
752
753
754
755
/** As tor_parse_long(), but return a double. */
double
tor_parse_double(const char *s, double min, double max, int *ok, char **next)
{
  char *endptr;
  double r;

  r = strtod(s, &endptr);
  CHECK_STRTOX_RESULT();
}

Sebastian Hahn's avatar
typo    
Sebastian Hahn committed
756
/** As tor_parse_long, but return a uint64_t.  Only base 10 is guaranteed to
757
 * work for now. */
758
759
760
761
762
763
764
765
766
767
uint64_t
tor_parse_uint64(const char *s, int base, uint64_t min,
                 uint64_t max, int *ok, char **next)
{
  char *endptr;
  uint64_t r;

#ifdef HAVE_STRTOULL
  r = (uint64_t)strtoull(s, &endptr, base);
#elif defined(MS_WINDOWS)
768
#if defined(_MSC_VER) && _MSC_VER < 1300
769
770
771
  tor_assert(base <= 10);
  r = (uint64_t)_atoi64(s);
  endptr = (char*)s;
772
773
  while (TOR_ISSPACE(*endptr)) endptr++;
  while (TOR_ISDIGIT(*endptr)) endptr++;
774
#else
775
  r = (uint64_t)_strtoui64(s, &endptr, base);
776
#endif
777
778
779
780
#elif SIZEOF_LONG == 8
  r = (uint64_t)strtoul(s, &endptr, base);
#else
#error "I don't know how to parse 64-bit numbers."
781
#endif
782

783
784
785
  CHECK_STRTOX_RESULT();
}

786
787
788
789
/** Encode the <b>srclen</b> bytes at <b>src</b> in a NUL-terminated,
 * uppercase hexadecimal string; store it in the <b>destlen</b>-byte buffer
 * <b>dest</b>.
 */
790
791
void
base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
792
793
794
795
796
{
  const char *end;
  char *cp;

  tor_assert(destlen >= srclen*2+1);
797
  tor_assert(destlen < SIZE_T_CEILING);
798
799
800
801

  cp = dest;
  end = src+srclen;
  while (src<end) {
802
803
    *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) >> 4 ];
    *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) & 0xf ];
804
805
806
807
808
    ++src;
  }
  *cp = '\0';
}

809
/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
810
static INLINE int
811
_hex_decode_digit(char c)
812
{
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
  switch (c) {
    case '0': return 0;
    case '1': return 1;
    case '2': return 2;
    case '3': return 3;
    case '4': return 4;
    case '5': return 5;
    case '6': return 6;
    case '7': return 7;
    case '8': return 8;
    case '9': return 9;
    case 'A': case 'a': return 10;
    case 'B': case 'b': return 11;
    case 'C': case 'c': return 12;
    case 'D': case 'd': return 13;
    case 'E': case 'e': return 14;
    case 'F': case 'f': return 15;
    default:
      return -1;
  }
833
834
}

835
836
837
838
839
840
841
/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
int
hex_decode_digit(char c)
{
  return _hex_decode_digit(c);
}

842
/** Given a hexadecimal string of <b>srclen</b> bytes in <b>src</b>, decode it
843
844
 * and store the result in the <b>destlen</b>-byte buffer at <b>dest</b>.
 * Return 0 on success, -1 on failure. */
845
846
int
base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
847
848
{
  const char *end;
849

850
851
852
  int v1,v2;
  if ((srclen % 2) != 0)
    return -1;
853
  if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
854
855
856
    return -1;
  end = src+srclen;
  while (src<end) {
857
858
    v1 = _hex_decode_digit(*src);
    v2 = _hex_decode_digit(*(src+1));
859
    if (v1<0||v2<0)
860
861
862
863
864
865
866
867
      return -1;
    *(uint8_t*)dest = (v1<<4)|v2;
    ++dest;
    src+=2;
  }
  return 0;
}

868
869
870
/** Allocate and return a new string representing the contents of <b>s</b>,
 * surrounded by quotes and using standard C escapes.
 *
871
872
873
 * Generally, we use this for logging values that come in over the network to
 * keep them from tricking users, and for sending certain values to the
 * controller.
874
875
876
877
878
879
880
881
882
883
884
885
 *
 * We trust values from the resolver, OS, configuration file, and command line
 * to not be maliciously ill-formed.  We validate incoming routerdescs and
 * SOCKS requests and addresses from BEGIN cells as they're parsed;
 * afterwards, we trust them as non-malicious.
 */
char *
esc_for_log(const char *s)
{
  const char *cp;
  char *result, *outp;
  size_t len = 3;
886
887
888
889
  if (!s) {
    return tor_strdup("");
  }

890
891
892
893
894
895
896
897
  for (cp = s; *cp; ++cp) {
    switch (*cp) {
      case '\\':
      case '\"':
      case '\'':
        len += 2;
        break;
      default:
898
        if (TOR_ISPRINT(*cp) && ((uint8_t)*cp)<127)
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
          ++len;
        else
          len += 4;
        break;
    }
  }

  result = outp = tor_malloc(len);
  *outp++ = '\"';
  for (cp = s; *cp; ++cp) {
    switch (*cp) {
      case '\\':
      case '\"':
      case '\'':
        *outp++ = '\\';
        *outp++ = *cp;
        break;
      case '\n':
        *outp++ = '\\';
        *outp++ = 'n';
        break;
      case '\t':
        *outp++ = '\\';
        *outp++ = 't';
        break;
      case '\r':
        *outp++ = '\\';
        *outp++ = 'r';
        break;
      default:
929
        if (TOR_ISPRINT(*cp) && ((uint8_t)*cp)<127) {
930
931
          *outp++ = *cp;
        } else {
932
          tor_snprintf(outp, 5, "\\%03o", (int)(uint8_t) *cp);
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
          outp += 4;
        }
        break;
    }
  }

  *outp++ = '\"';
  *outp++ = 0;

  return result;
}

/** Allocate and return a new string representing the contents of <b>s</b>,
 * surrounded by quotes and using standard C escapes.
 *
 * THIS FUNCTION IS NOT REENTRANT.  Don't call it from outside the main
 * thread.  Also, each call invalidates the last-returned value, so don't
 * try log_warn(LD_GENERAL, "%s %s", escaped(a), escaped(b));
 */
const char *
escaped(const char *s)
{
  static char *_escaped_val = NULL;
956
  tor_free(_escaped_val);
957
958
959
960
961
962
963
964
965

  if (s)
    _escaped_val = esc_for_log(s);
  else
    _escaped_val = NULL;

  return _escaped_val;
}

966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/** Rudimentary string wrapping code: given a un-wrapped <b>string</b> (no
 * newlines!), break the string into newline-terminated lines of no more than
 * <b>width</b> characters long (not counting newline) and insert them into
 * <b>out</b> in order.  Precede the first line with prefix0, and subsequent
 * lines with prefixRest.
 */
/* This uses a stupid greedy wrapping algorithm right now:
 *  - For each line:
 *    - Try to fit as much stuff as possible, but break on a space.
 *    - If the first "word" of the line will extend beyond the allowable
 *      width, break the word at the end of the width.
 */
void
wrap_string(smartlist_t *out, const char *string, size_t width,
            const char *prefix0, const char *prefixRest)
{
  size_t p0Len, pRestLen, pCurLen;
  const char *eos, *prefixCur;
  tor_assert(out);
  tor_assert(string);
  tor_assert(width);
  if (!prefix0)
    prefix0 = "";
  if (!prefixRest)
    prefixRest = "";

  p0Len = strlen(prefix0);
  pRestLen = strlen(prefixRest);
  tor_assert(width > p0Len && width > pRestLen);
  eos = strchr(string, '\0');
  tor_assert(eos);
  pCurLen = p0Len;
  prefixCur = prefix0;

  while ((eos-string)+pCurLen > width) {