1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
|
.\"-
.\" Copyright (c) 2000 Poul Henning Kamp and Dag-Erling Coïdan Smørgrav
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd January 28, 2001
.Dt SBUF 9
.Os
.Sh NAME
.Nm sbuf_new ,
.Nm sbuf_clear ,
.Nm sbuf_setpos ,
.Nm sbuf_bcat ,
.Nm sbuf_bcopyin ,
.Nm sbuf_bcpy ,
.Nm sbuf_cat ,
.Nm sbuf_copyin ,
.Nm sbuf_cpy ,
.Nm sbuf_printf ,
.Nm sbuf_putc ,
.Nm sbuf_overflowed ,
.Nm sbuf_finish ,
.Nm sbuf_data ,
.Nm sbuf_len ,
.Nm sbuf_delete
.Nd safe string formatting
.Sh SYNOPSIS
.Fd #include <sys/types.h>
.Fd #include <sys/sbuf.h>
.Ft struct sbuf *s
.Fn sbuf_new "struct sbuf *s" "char *buf" "int length" "int flags"
.Ft void
.Fn sbuf_clear "struct sbuf *s"
.Ft int
.Fn sbuf_setpos "struct sbuf *s" "int pos"
.Ft int
.Fn sbuf_bcat "struct sbuf *s" "const char *str" "size_t len"
.Ft int
.Fn sbuf_bcopyin "struct sbuf *s" "const void *uaddr" "size_t len"
.Ft int
.Fn sbuf_bcpy "struct sbuf *s" "const char *str" "size_t len"
.Ft int
.Fn sbuf_cat "struct sbuf *s" "const char *str"
.Ft int
.Fn sbuf_copyin "struct sbuf *s" "const void *uaddr" "size_t len"
.Ft int
.Fn sbuf_cpy "struct sbuf *s" "const char *str"
.Ft int
.Fn sbuf_printf "struct sbuf *s" "const char *fmt" "..."
.Ft int
.Fn sbuf_putc "struct sbuf *s" "int c"
.Ft int
.Fn sbuf_overflowed "struct sbuf *s"
.Ft void
.Fn sbuf_finish "struct sbuf *s"
.Ft char *
.Fn sbuf_data "struct sbuf *s"
.Ft int
.Fn sbuf_len "struct sbuf *s"
.Ft void
.Fn sbuf_delete "struct sbuf *s"
.Sh DESCRIPTION
The
.Nm sbuf
family of functions allows one to safely allocate, construct and
release bounded null-terminated strings in kernel space.
Instead of arrays of characters, these functions operate on structures
called
.Fa sbufs ,
defined in
.Aq Pa sys/sbuf.h .
.Pp
The
.Fn sbuf_new
function initializes the
.Fa sbuf
pointed to by its first argument.
If that pointer is
.Dv NULL ,
.Fn sbuf_new
allocates a
.Vt struct sbuf
using
.Xr malloc 9 .
The
.Fa buf
argument is a pointer to a buffer in which to store the actual string;
if it is
.Dv NULL ,
.Fn sbuf_new
will allocate one using
.Xr malloc 9 .
The
.Fa length
is the intended size of the storage buffer.
The fourth argument,
.Fa flags ,
is currently unused and should always be set to zero.
.Pp
Note that if
.Fa buf
is not
.Dv NULL ,
it must point to an array of at least
.Fa length
characters.
.Pp
The
.Fn sbuf_clear
function invalidates the contents of the
.Fa sbuf
and resets its position to zero.
.Pp
The
.Fn sbuf_setpos
function sets the
.Fa sbuf Ns 's
current position to
.Fa pos ,
which is a value between zero and one less than the size of the
storage buffer.
.Pp
The
.Fn sbuf_bcat
function appends the first
.Fa len
bytes from the byte string
.Fa str
to the
.Fa sbuf .
.Pp
The
.Fn sbuf_bcopyin
function copies
.Fa len
bytes from the specified userland address into the
.Fa sbuf .
.Pp
The
.Fn sbuf_bcpy
function replaces the contents of the
.Fa sbuf
with the first
.Fa len
bytes from the byte string
.Fa str .
.Pp
The
.Fn sbuf_cat
function appends the NUL-terminated string
.Fa str
to the
.Fa sbuf
at the current position.
.Pp
The
.Fn sbuf_copyin
function copies a NUL-terminated string from the specified userland
address into the
.Fa sbuf .
If the
.Fa len
argument is non-zero, no more than
.Fa len
characters (not counting the terminating NUL) are copied; otherwise
the entire string, or as much of it as can fit in the
.Fa sbuf ,
is copied.
.Pp
The
.Fn sbuf_cpy
function replaces the contents of the
.Fa sbuf
with those of the NUL-terminated string
.Fa str .
This is equivalent to calling
.Fn sbuf_cat
with a fresh
.Fa sbuf
or one which position has been reset to zero with
.Fn sbuf_clear
or
.Fn sbuf_setpos .
.Pp
The
.Fn sbuf_printf
function formats its arguments according to the format string pointed
to by
.Fa fmt
and appends the resulting string to the
.Fa sbuf
at the current position.
.Pp
The
.Fn sbuf_putc
function appends the character
.Fa c
to the
.Fa sbuf
at the current position.
.Pp
The
.Fn sbuf_overflowed
function returns a non-zero value if the
.Fa sbuf
overflowed.
.Pp
The
.Fn sbuf_finish
function null-terminates the
.Fa sbuf
and marks it as finished, which means that it may no longer be
modified using
.Fn sbuf_setpos ,
.Fn sbuf_cat ,
.Fn sbuf_cpy ,
.Fn sbuf_printf
or
.Fn sbuf_putc .
.Pp
The
.Fn sbuf_data
and
.Fn sbuf_len
functions return the actual string and its length, respectively;
.Fn sbuf_data
only works on a finished
.Fa sbuf .
.Pp
Finally, the
.Fn sbuf_delete
function clears the
.Fa sbuf
and frees its storage buffer if it was allocated by
.Fn sbuf_new .
.Sh NOTES
If an operation caused an
.Fa sbuf
to overflow, most subsequent operations on it will fail until the
.Fa sbuf
is finished using
.Fn sbuf_finish
or reset using
.Fn sbuf_clear ,
or its position is reset to a value between 0 and one less than the
size of its storage buffer using
.Fn sbuf_setpos ,
or it is reinitialized to a sufficiently short string using
.Fn sbuf_cpy .
.Sh RETURN VALUES
.Fn sbuf_new
returns
.Dv NULL
if it failed to allocate a storage buffer, and a pointer to the new
.Fa sbuf
otherwise.
.Pp
.Fn sbuf_setpos
returns \-1 if
.Fa pos
was invalid, and zero otherwise.
.Pp
.Fn sbuf_cat ,
.Fn sbuf_cpy ,
.Fn sbuf_printf ,
and
.Fn sbuf_putc
all return \-1 if the buffer overflowed, and zero otherwise.
.Pp
.Fn sbuf_overflowed
returns a non-zero value if the buffer overflowed, and zero otherwise.
.Pp
.Fn sbuf_data
and
.Fn sbuf_len
return
.Dv NULL
and \-1, respectively, if the buffer overflowed.
.Sh SEE ALSO
.Xr printf 3 ,
.Xr strcat 3 ,
.Xr strcpy 3 ,
.Xr copyin 9 ,
.Xr copyinstr 9
.Sh HISTORY
The
.Nm sbuf
family of functions first appeared in
.Fx 5.0 .
.Sh AUTHORS
.An -nosplit
The
.Nm sbuf
family of functions was designed by
.An Poul-Henning Kamp Aq phk@FreeBSD.org
and implemented by
.An Dag-Erling Co\(:idan Sm\(/orgrav Aq des@FreeBSD.org .
Additional improvements were suggested by
.An Justin T. Gibbs Aq gibbs@FreeBSD.org .
.Pp
This manual page was written by
.An Dag-Erling Co\(:idan Sm\(/orgrav .
|