1.\"- 2.\" Copyright (c) 2000 Poul-Henning Kamp and Dag-Erling Co�dan Sm�rgrav 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" 28.Dd January 25, 2011 29.Dt SBUF 9 30.Os 31.Sh NAME 32.Nm sbuf , 33.Nm sbuf_new , 34.Nm sbuf_new_auto , 35.Nm sbuf_new_for_sysctl , 36.Nm sbuf_clear , 37.Nm sbuf_setpos , 38.Nm sbuf_bcat , 39.Nm sbuf_bcopyin , 40.Nm sbuf_bcpy , 41.Nm sbuf_cat , 42.Nm sbuf_copyin , 43.Nm sbuf_cpy , 44.Nm sbuf_printf , 45.Nm sbuf_vprintf , 46.Nm sbuf_putc , 47.Nm sbuf_set_drain , 48.Nm sbuf_trim , 49.Nm sbuf_error , 50.Nm sbuf_finish , 51.Nm sbuf_data , 52.Nm sbuf_len , 53.Nm sbuf_done , 54.Nm sbuf_delete 55.Nd safe string formatting 56.Sh SYNOPSIS 57.In sys/types.h 58.In sys/sbuf.h 59.Ft typedef\ int ( sbuf_drain_func ) ( void\ *arg, const\ char\ *data, int\ len ) ; 60.Pp 61.Ft struct sbuf * 62.Fn sbuf_new "struct sbuf *s" "char *buf" "int length" "int flags" 63.Ft struct sbuf * 64.Fn sbuf_new_auto 65.Ft void 66.Fn sbuf_clear "struct sbuf *s" 67.Ft int 68.Fn sbuf_setpos "struct sbuf *s" "int pos" 69.Ft int 70.Fn sbuf_bcat "struct sbuf *s" "const void *buf" "size_t len" 71.Ft int 72.Fn sbuf_bcopyin "struct sbuf *s" "const void *uaddr" "size_t len" 73.Ft int 74.Fn sbuf_bcpy "struct sbuf *s" "const void *buf" "size_t len" 75.Ft int 76.Fn sbuf_cat "struct sbuf *s" "const char *str" 77.Ft int 78.Fn sbuf_copyin "struct sbuf *s" "const void *uaddr" "size_t len" 79.Ft int 80.Fn sbuf_cpy "struct sbuf *s" "const char *str" 81.Ft int 82.Fn sbuf_printf "struct sbuf *s" "const char *fmt" "..." 83.Ft int 84.Fn sbuf_vprintf "struct sbuf *s" "const char *fmt" "va_list ap" 85.Ft int 86.Fn sbuf_putc "struct sbuf *s" "int c" 87.Ft void 88.Fn sbuf_set_drain "struct sbuf *s" "sbuf_drain_func *func" "void *arg" 89.Ft int 90.Fn sbuf_trim "struct sbuf *s" 91.Ft int 92.Fn sbuf_error "struct sbuf *s" 93.Ft int 94.Fn sbuf_finish "struct sbuf *s" 95.Ft char * 96.Fn sbuf_data "struct sbuf *s" 97.Ft int 98.Fn sbuf_len "struct sbuf *s" 99.Ft int 100.Fn sbuf_done "struct sbuf *s" 101.Ft void 102.Fn sbuf_delete "struct sbuf *s" 103.In sys/sysctl.h 104.Ft struct sbuf * 105.Fn sbuf_new_for_sysctl "struct sbuf *s" "char *buf" "int length" "struct sysctl_req *req" 106.Sh DESCRIPTION 107The 108.Nm 109family of functions allows one to safely allocate, construct and 110release bounded NUL-terminated strings in kernel space. 111Instead of arrays of characters, these functions operate on structures 112called 113.Fa sbufs , 114defined in 115.In sys/sbuf.h . 116.Pp 117The 118.Fn sbuf_new 119function initializes the 120.Fa sbuf 121pointed to by its first argument. 122If that pointer is 123.Dv NULL , 124.Fn sbuf_new 125allocates a 126.Vt struct sbuf 127using 128.Xr malloc 9 . 129The 130.Fa buf 131argument is a pointer to a buffer in which to store the actual string; 132if it is 133.Dv NULL , 134.Fn sbuf_new 135will allocate one using 136.Xr malloc 9 . 137The 138.Fa length 139is the initial size of the storage buffer. 140The fourth argument, 141.Fa flags , 142may be comprised of the following flags: 143.Bl -tag -width ".Dv SBUF_AUTOEXTEND" 144.It Dv SBUF_FIXEDLEN 145The storage buffer is fixed at its initial size. 146Attempting to extend the sbuf beyond this size results in an overflow condition. 147.It Dv SBUF_AUTOEXTEND 148This indicates that the storage buffer may be extended as necessary, so long 149as resources allow, to hold additional data. 150.El 151.Pp 152Note that if 153.Fa buf 154is not 155.Dv NULL , 156it must point to an array of at least 157.Fa length 158characters. 159The result of accessing that array directly while it is in use by the 160sbuf is undefined. 161.Pp 162The 163.Fn sbuf_new_auto 164function is a shortcut for creating a completely dynamic 165.Nm . 166It is the equivalent of calling 167.Fn sbuf_new 168with values 169.Dv NULL , 170.Dv NULL , 171.Dv 0 , 172and 173.Dv SBUF_AUTOEXTEND . 174.Pp 175The 176.Fn sbuf_new_for_sysctl 177function will set up an sbuf with a drain function to use 178.Fn SYSCTL_OUT 179when the internal buffer fills. 180Note that if the various functions which append to an sbuf are used while 181a non-sleepable lock is held, the user buffer should be wired using 182.Fn sysctl_wire_old_buffer . 183.Pp 184The 185.Fn sbuf_delete 186function clears the 187.Fa sbuf 188and frees any memory allocated for it. 189There must be a call to 190.Fn sbuf_delete 191for every call to 192.Fn sbuf_new . 193Any attempt to access the sbuf after it has been deleted will fail. 194.Pp 195The 196.Fn sbuf_clear 197function invalidates the contents of the 198.Fa sbuf 199and resets its position to zero. 200.Pp 201The 202.Fn sbuf_setpos 203function sets the 204.Fa sbuf Ns 's 205end position to 206.Fa pos , 207which is a value between zero and one less than the size of the 208storage buffer. 209This effectively truncates the sbuf at the new position. 210.Pp 211The 212.Fn sbuf_bcat 213function appends the first 214.Fa len 215bytes from the buffer 216.Fa buf 217to the 218.Fa sbuf . 219.Pp 220The 221.Fn sbuf_bcopyin 222function copies 223.Fa len 224bytes from the specified userland address into the 225.Fa sbuf . 226.Pp 227The 228.Fn sbuf_bcpy 229function replaces the contents of the 230.Fa sbuf 231with the first 232.Fa len 233bytes from the buffer 234.Fa buf . 235.Pp 236The 237.Fn sbuf_cat 238function appends the NUL-terminated string 239.Fa str 240to the 241.Fa sbuf 242at the current position. 243.Pp 244The 245.Fn sbuf_set_drain 246function sets a drain function 247.Fa func 248for the 249.Fa sbuf , 250and records a pointer 251.Fa arg 252to be passed to the drain on callback. 253The drain function cannot be changed while 254.Fa sbuf_len 255is non-zero. 256.Pp 257The registered drain function 258.Vt sbuf_drain_func 259will be called with the argument 260.Fa arg 261provided to 262.Fn sbuf_set_drain , 263a pointer 264.Fa data 265to a byte string that is the contents of the sbuf, and the length 266.Fa len 267of the data. 268If the drain function exists, it will be called when the sbuf internal 269buffer is full, or on behalf of 270.Fn sbuf_finish . 271The drain function may drain some or all of the data, but must drain 272at least 1 byte. 273The return value from the drain function, if positive, indicates how 274many bytes were drained. 275If negative, the return value indicates the negative error code which 276will be returned from this or a later call to 277.Fn sbuf_finish . 278The returned drained length cannot be zero. 279To do unbuffered draining, initialize the sbuf with a two-byte buffer. 280The drain will be called for every byte added to the sbuf. 281The 282.Fn sbuf_bcopyin , 283.Fn sbuf_copyin , 284.Fn sbuf_trim , 285and 286.Fn sbuf_data 287functions cannot be used on an sbuf with a drain. 288.Pp 289The 290.Fn sbuf_copyin 291function copies a NUL-terminated string from the specified userland 292address into the 293.Fa sbuf . 294If the 295.Fa len 296argument is non-zero, no more than 297.Fa len 298characters (not counting the terminating NUL) are copied; otherwise 299the entire string, or as much of it as can fit in the 300.Fa sbuf , 301is copied. 302.Pp 303The 304.Fn sbuf_cpy 305function replaces the contents of the 306.Fa sbuf 307with those of the NUL-terminated string 308.Fa str . 309This is equivalent to calling 310.Fn sbuf_cat 311with a fresh 312.Fa sbuf 313or one which position has been reset to zero with 314.Fn sbuf_clear 315or 316.Fn sbuf_setpos . 317.Pp 318The 319.Fn sbuf_printf 320function formats its arguments according to the format string pointed 321to by 322.Fa fmt 323and appends the resulting string to the 324.Fa sbuf 325at the current position. 326.Pp 327The 328.Fn sbuf_vprintf 329function behaves the same as 330.Fn sbuf_printf 331except that the arguments are obtained from the variable-length argument list 332.Fa ap . 333.Pp 334The 335.Fn sbuf_putc 336function appends the character 337.Fa c 338to the 339.Fa sbuf 340at the current position. 341.Pp 342The 343.Fn sbuf_trim 344function removes trailing whitespace from the 345.Fa sbuf . 346.Pp 347The 348.Fn sbuf_error 349function returns any error value that the 350.Fa sbuf 351may have accumulated, either from the drain function, or ENOMEM if the 352.Fa sbuf 353overflowed. 354This function is generally not needed and instead the error code from 355.Fn sbuf_finish 356is the preferred way to discover whether an sbuf had an error. 357.Pp 358The 359.Fn sbuf_finish 360function will call the attached drain function if one exists until all 361the data in the 362.Fa sbuf 363is flushed. 364If there is no attached drain, 365.Fn sbuf_finish 366NUL-terminates the 367.Fa sbuf . 368In either case it marks the 369.Fa sbuf 370as finished, which means that it may no longer be modified using 371.Fn sbuf_setpos , 372.Fn sbuf_cat , 373.Fn sbuf_cpy , 374.Fn sbuf_printf 375or 376.Fn sbuf_putc , 377until 378.Fn sbuf_clear 379is used to reset the sbuf. 380.Pp 381The 382.Fn sbuf_data 383function returns the actual string; 384.Fn sbuf_data 385only works on a finished 386.Fa sbuf . 387The 388.Fn sbuf_len function returns the length of the string. 389For an 390.Fa sbuf 391with an attached drain, 392.Fn sbuf_len 393returns the length of the un-drained data. 394.Fn sbuf_done 395returns non-zero if the 396.Fa sbuf 397is finished. 398.Sh NOTES 399If an operation caused an 400.Fa sbuf 401to overflow, most subsequent operations on it will fail until the 402.Fa sbuf 403is finished using 404.Fn sbuf_finish 405or reset using 406.Fn sbuf_clear , 407or its position is reset to a value between 0 and one less than the 408size of its storage buffer using 409.Fn sbuf_setpos , 410or it is reinitialized to a sufficiently short string using 411.Fn sbuf_cpy . 412.Pp 413Drains in user-space will not always function as indicated. 414While the drain function will be called immediately on overflow from 415the 416.Fa sbuf_putc , 417.Fa sbuf_bcat , 418.Fa sbuf_cat 419functions, 420.Fa sbuf_printf 421and 422.Fa sbuf_vprintf 423currently have no way to determine whether there will be an overflow 424until after it occurs, and cannot do a partial expansion of the format 425string. 426Thus when using libsbuf the buffer may be extended to allow completion 427of a single printf call, even though a drain is attached. 428.Sh RETURN VALUES 429The 430.Fn sbuf_new 431function returns 432.Dv NULL 433if it failed to allocate a storage buffer, and a pointer to the new 434.Fa sbuf 435otherwise. 436.Pp 437The 438.Fn sbuf_setpos 439function returns \-1 if 440.Fa pos 441was invalid, and zero otherwise. 442.Pp 443The 444.Fn sbuf_cat , 445.Fn sbuf_cpy , 446.Fn sbuf_printf , 447.Fn sbuf_putc , 448and 449.Fn sbuf_trim 450functions 451all return \-1 if the buffer overflowed, and zero otherwise. 452.Pp 453The 454.Fn sbuf_error 455function returns a non-zero value if the buffer has an overflow or 456drain error, and zero otherwise. 457.Pp 458The 459.Fn sbuf_data 460and 461.Fn sbuf_len 462functions return 463.Dv NULL 464and \-1, respectively, if the buffer overflowed. 465.Pp 466The 467.Fn sbuf_copyin 468function 469returns \-1 if copying string from userland failed, and number of bytes 470copied otherwise. 471The 472.Fn sbuf_finish 473function returns ENOMEM if the sbuf overflowed before being finished, 474or returns the error code from the drain if one is attached. 475When used as 476.Xr sbuf_finish 3 , 477.Fn sbuf_finish 478will return \-1 and set errno on error instead. 479.Sh SEE ALSO 480.Xr printf 3 , 481.Xr strcat 3 , 482.Xr strcpy 3 , 483.Xr copyin 9 , 484.Xr copyinstr 9 , 485.Xr printf 9 486.Sh HISTORY 487The 488.Nm 489family of functions first appeared in 490.Fx 4.4 . 491.Sh AUTHORS 492.An -nosplit 493The 494.Nm 495family of functions was designed by 496.An Poul-Henning Kamp Aq phk@FreeBSD.org 497and implemented by 498.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . 499Additional improvements were suggested by 500.An Justin T. Gibbs Aq gibbs@FreeBSD.org . 501Auto-extend support added by 502.An Kelly Yancey Aq kbyanc@FreeBSD.org . 503Drain functionality added by 504.An Matthew Fleming Aq mdf@FreeBSD.org . 505.Pp 506This manual page was written by 507.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . 508