Add arg and error checking for the string functions.

git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@310 7dcaeef0-15fb-0310-b436-a5af3365683c

include/libssh/libssh.h

@@ -212,16 +212,17 @@ int ssh_service_request(SSH_SESSION *session,char *service);
 char *ssh_get_issue_banner(SSH_SESSION *session);
 /* get copyright informations */
 const char *ssh_copyright(void);
+
 /* string.h */
 
 /* You can use these functions, they won't change */
-/* makestring returns a newly allocated string from a char * ptr */
+/* string_from_char returns a newly allocated string from a char *ptr */
 STRING *string_from_char(const char *what);
 /* it returns the string len in host byte orders. str->size is big endian warning ! */
-u32 string_len(STRING *str);
+size_t string_len(STRING *str);
-STRING *string_new(unsigned int size);
+STRING *string_new(size_t size);
-/* string_fill copies the data in the string. it does NOT check for boundary so allocate enough place with string_new */
+/* string_fill copies the data in the string. */
-void string_fill(STRING *str, const void *data,int len);
+int string_fill(STRING *str, const void *data, size_t len);
 /* returns a newly allocated char array with the str string and a final nul caracter */
 char *string_to_char(STRING *str);
 STRING *string_copy(STRING *str);

libssh/string.c

@@ -39,14 +39,41 @@
  * \param size size of the string
  * \return the newly allocated string
  */
-STRING *string_new(unsigned int size){
+struct string_struct *string_new(size_t size) {
-    STRING *str=malloc(size + 4);
+  struct string_struct *str = NULL;
-    str->size=htonl(size);
+
+  if (size == 0) {
+    return NULL;
+  }
+  str = malloc(size + 4);
+  if (str == NULL) {
+    return NULL;
+  }
+  ZERO_STRUCTP(str);
+
+  str->size = htonl(size);
   return str;
 }
 
-void string_fill(STRING *str, const void *data,int len){
+/**
-    memcpy(str->string,data,len);
+ * @brief Fill a string with given data. The string should be big enough.
+ *
+ * @param s        An allocated string to fill with data.
+ *
+ * @param data     The data to fill the string with.
+ *
+ * @param len      Size of data.
+ *
+ * @return         0 on success, < 0 on error.
+ */
+int string_fill(struct string_struct *s, const void *data, size_t len) {
+  if ((s == NULL) || (data == NULL) ||
+      (len == 0) || (len > s->size)) {
+    return -1;
+  }
+
+  memcpy(s->string, data, len);
+  return 0;
 }
 
 /**
@@ -55,22 +82,31 @@ void string_fill(STRING *str, const void *data,int len){
  * \return the newly allocated string.
  * \warning The nul byte is not copied nor counted in the ouput string.
  */
-STRING *string_from_char(const char *what){
+struct string_struct *string_from_char(const char *what) {
-	STRING *ptr;
+  struct string_struct *ptr = NULL;
-	int len=strlen(what);
+  size_t len = strlen(what);
-	ptr=malloc(4 + len);
+
-	ptr->size=htonl(len);
+  ptr = malloc(4 + len);
-	memcpy(ptr->string,what,len);
+  if (ptr == NULL) {
+    return NULL;
+  }
+  ptr->size = htonl(len);
+  memcpy(ptr->string, what, len);
+
   return ptr;
 }
 
 /**
  * \brief returns the size of a SSH string
  * \param str the input SSH string
- * \return size of the content of str
+ * \return size of the content of str, 0 on error
  */
-u32 string_len(STRING *str){
+size_t string_len(struct string_struct *s) {
-	return ntohl(str->size);
+  if (s == NULL) {
+    return 0;
+  }
+
+  return ntohl(s->size);
 }
 
 /**
@@ -80,29 +116,60 @@ u32 string_len(STRING *str){
  * \warning If the input SSH string contains zeroes, some parts of
  * the output string may not be readable with regular libc functions.
  */
-char *string_to_char(STRING *str){
+char *string_to_char(struct string_struct *s) {
-    int len=ntohl(str->size)+1;
+  size_t len = ntohl(s->size) + 1;
-    char *string=malloc(len);
+  char *new = malloc(len);
-    memcpy(string,str->string,len-1);
+
-    string[len-1]=0;
+  if (new == NULL) {
-    return string;
+    return NULL;
+  }
+  memcpy(new, s->string, len - 1);
+  new[len - 1] = '\0';
+  return new;
 }
 
-STRING *string_copy(STRING *str){
+/**
-    STRING *ret=malloc(ntohl(str->size)+4);
+ * @brief Copy a string, return a newly allocated string. The caller has to
-    ret->size=str->size;
+ *        free the string.
-    memcpy(ret->string,str->string,ntohl(str->size));
+ *
-    return ret;
+ * @param s             String to copy.
+ *
+ * @return              Newly allocated copy of the string, NULL on error.
+ */
+struct string_struct *string_copy(struct string_struct *s) {
+  struct string_struct *new = malloc(ntohl(s->size) + 4);
+
+  if (new == NULL) {
+    return NULL;
+  }
+  new->size = s->size;
+  memcpy(new->string, s->string, ntohl(s->size));
+
+  return new;
 }
 
 /** \brief destroy data in a string so it couldn't appear in a core dump
  * \param s string to burn
  */
-void string_burn(STRING *s){
+void string_burn(struct string_struct *s) {
-    memset(s->string,'X',string_len(s));
+  if (s == NULL) {
+    return;
+  }
+  memset(s->string, 'X', string_len(s));
 }
 
-void *string_data(STRING *s){
+/**
+ * @brief Get the payload of the string.
+ *
+ * @param s             The string to get the data from.
+ *
+ * @return              Return the data of the string or NULL on error.
+ */
+void *string_data(struct string_struct *s) {
+  if (s == NULL) {
+    return NULL;
+  }
+
   return s->string;
 }
 
@@ -110,8 +177,8 @@ void *string_data(STRING *s){
  * \brief deallocate a STRING object
  * \param s String to delete
  */
-void string_free(STRING *s){
+void string_free(struct string_struct *s) {
-	free(s);
+  SAFE_FREE(s);
 }
 
 /** @} */