zustr2stp.[ch]: Add zustr2stp()

There's no standard function that copies from a null-padded character
sequence into a string.

A few standard functions can be workarounded to do that:

-  strncat(3):  This function is designed to catenate from a null-padded
   character sequence into a string.  The catch is that there's no
   *cpy() equivalent of it --strncpy(3) is not at all related to
   strncat(3); don't be fooled by the confusing name--, so one would
   need to zero the first byte before the call to strncat(3).  It also
   has the inconvenient that it returns a useless value.

-  strncpy(3):  This function is designed to copy from a string to a
   null-padded character sequence; the opposite of what we want to do.
   If one passes the size of src instead of the size of dst, and then
   manually zeroes the last byte of the dst buffer, something similar
   to what we want happens.  However, this does more than what we want:
   it also padds with NUL the remaining bytes after the terminating NUL.
   That extra work can confuse maintainers to believe that it's
   necessary.  That is exactly what happens in logout.c.

src/logoutd.c-46-	/*
src/logoutd.c-47-	 * ut_user may not have the terminating NUL.
src/logoutd.c-48-	 */
src/logoutd.c:49:	strncpy (user, ut->ut_user, sizeof (ut->ut_user));
src/logoutd.c-50-	user[sizeof (ut->ut_user)] = '\0';

   In that logout.c case --and in most invocations of strncpy(3), which
   is usually a wrong tool-- the extra work is not wanted, so it's
   preferrable to use the right tool, a function that does exactly
   what's needed and nothing more than that.  That tool is zustr2stp().

Read string_copying(7) for a more complete comparison of string copying
functions.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/lib/Makefile.am b/lib/Makefile.am
index 3f749aa12bd8d3111f3cdebb43caec68c982ae8f..79e00085dca1ade3f07ea832cdfd83091785ff15 100644 (file)
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -157,7 +157,9 @@ libshadow_la_SOURCES = \
        xgetgrnam.c \
        xgetgrgid.c \
        xgetspnam.c \
-       yesno.c
+       yesno.c \
+       zustr2stp.c \
+       zustr2stp.h
 
 if WITH_TCB
 libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h

diff --git a/lib/zustr2stp.c b/lib/zustr2stp.c
new file mode 100644 (file)
index 0000000..8dfe870
--- /dev/null
+++ b/lib/zustr2stp.c
@@ -0,0 +1,17 @@
+/*
+ * SPDX-FileCopyrightText: 2022-2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <stddef.h>
+
+#ident "$Id$"
+
+#include "zustr2stp.h"
+
+
+extern inline char *zustr2stp(char *restrict dst, const char *restrict src,
+    size_t sz);

diff --git a/lib/zustr2stp.h b/lib/zustr2stp.h
new file mode 100644 (file)
index 0000000..987a7ba
--- /dev/null
+++ b/lib/zustr2stp.h
@@ -0,0 +1,74 @@
+/*
+ * SPDX-FileCopyrightText: 2022-2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIBMISC_ZUSTR2STP_H_
+#define SHADOW_INCLUDE_LIBMISC_ZUSTR2STP_H_
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <string.h>
+
+#include "mempcpy.h"
+
+
+inline char *zustr2stp(char *restrict dst, const char *restrict src, size_t sz);
+
+
+/*
+ * SYNOPSIS
+ *     char *zustr2stp(char *restrict dst,
+ *                     const char src[restrict .sz], size_t sz);
+ *
+ * ARGUMENTS
+ *     dst     Destination buffer where to copy a string.
+ *
+ *     src     Source null-padded character sequence to be copied into
+ *             dst.
+ *
+ *     sz      Size of the *source* buffer.
+ *
+ * DESCRIPTION
+ *     This function copies the null-padded character sequence pointed
+ *     to by src, into a string at the buffer pointed to by dst.
+ *
+ * RETURN VALUE
+ *     dst + strlen(dst)
+ *             This function returns a pointer to the terminating NUL
+ *             byte.
+ *
+ * ERRORS
+ *     This function doesn't set errno.
+ *
+ * CAVEATS
+ *     This function doesn't know the size of the destination buffer.
+ *     It assumes it will always be large enough.  Since the size of
+ *     the source buffer is known to the caller, it should make sure to
+ *     allocate a destination buffer of at least `sz + 1`.
+ *
+ * EXAMPLES
+ *     char  src[13] = "Hello, world!"  // No '\0' in this buffer!
+ *     char  dst[SIZEOF_ARRAY(src) + 1];
+ *
+ *     zustr2stp(dst, src, SIZEOF_ARRAY(src));
+ *     puts(dst);
+ */
+
+
+inline char *
+zustr2stp(char *restrict dst, const char *restrict src, size_t sz)
+{
+       char  *p;
+
+       p = mempcpy(dst, src, strnlen(src, sz));
+       *p = '\0';
+
+       return p;
+}
+
+
+#endif  // include guard