Introduce utility safe string handling functions.

We have our versions of strdup, strlcat, and strlcpy.
This means we can avoid using snprintf() in many cases
(saving cycles), and we can get safer checks.  We use
the platform supplied versions of these if they exist
(wrapping with nni_xxx versions.)

7 files changed, 133 insertions, 9 deletions

diff --git a/src/core/endpt.c b/src/core/endpt.c
index f6aaf629..9dc33867 100644
--- a/src/core/endpt.c
+++ b/src/core/endpt.c
@@ -146,8 +146,7 @@ nni_ep_create(nni_ep **epp, nni_sock *s, const char *addr, int mode)
 	// dereference on hot paths.
 	ep->ep_ops = *tran->tran_ep;
 
-	// Could safely use strcpy here, but this avoids discussion.
-	(void) snprintf(ep->ep_addr, sizeof(ep->ep_addr), "%s", addr);
+	(void) nni_strlcpy(ep->ep_addr, addr, sizeof(ep->ep_addr));
 
 	NNI_LIST_NODE_INIT(&ep->ep_node);
 
diff --git a/src/core/list.c b/src/core/list.c
index 97fe5c30..8b26b64a 100644
--- a/src/core/list.c
+++ b/src/core/list.c
@@ -1,5 +1,5 @@
 //
-// Copyright 2017up Garrett D'Amore <garrett@damore.org>
+// Copyright 2017 Garrett D'Amore <garrett@damore.org>
 //
 // This software is supplied under the terms of the MIT License, a
 // copy of which should be located in the distribution where this
diff --git a/src/core/nng_impl.h b/src/core/nng_impl.h
index 8510dfb5..905411d7 100644
--- a/src/core/nng_impl.h
+++ b/src/core/nng_impl.h
@@ -38,6 +38,7 @@
 #include "core/panic.h"
 #include "core/protocol.h"
 #include "core/random.h"
+#include "core/strs.h"
 #include "core/taskq.h"
 #include "core/thread.h"
 #include "core/timer.h"
diff --git a/src/core/options.c b/src/core/options.c
index 03002d6c..4027564c 100644
--- a/src/core/options.c
+++ b/src/core/options.c
@@ -275,13 +275,11 @@ nni_option_set_id(const char *name, int id)
 		nni_mtx_unlock(&nni_option_lk);
 		return (NNG_ENOMEM);
 	}
-	len = strlen(name) + 1;
-	if ((opt->o_name = nni_alloc(len)) == NULL) {
+	if ((opt->o_name = nni_strdup(name)) == NULL) {
 		nni_mtx_unlock(&nni_option_lk);
 		NNI_FREE_STRUCT(opt);
 		return (NNG_ENOMEM);
 	}
-	(void) snprintf(opt->o_name, len, "%s", name);
 	if (id < 0) {
 		id = nni_option_nextid++;
 	}
@@ -347,7 +345,7 @@ nni_option_sys_fini(void)
 		nni_option *opt;
 		while ((opt = nni_list_first(&nni_options)) != NULL) {
 			nni_list_remove(&nni_options, opt);
-			nni_free(opt->o_name, strlen(opt->o_name) + 1);
+			nni_strfree(opt->o_name);
 			NNI_FREE_STRUCT(opt);
 		}
 	}
diff --git a/src/core/strs.c b/src/core/strs.c
new file mode 100644
index 00000000..7f236236
--- /dev/null
+++ b/src/core/strs.c
@@ -0,0 +1,98 @@
+//
+// Copyright 2017 Garrett D'Amore <garrett@damore.org>
+// Copyright 2017 Capitar IT Group BV <info@capitar.com>
+//
+// This software is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "core/nng_impl.h"
+
+// This file contains implementation of utility functions that are not
+// part of standard C99.  (C11 has added some things here, but we cannot
+// count on them.)
+
+char *
+nni_strdup(const char *src)
+{
+#ifdef NNG_HAVE_STRDUP
+	return (strdup(src));
+#else
+	char * dst;
+	size_t len = strlen(src);
+
+	if ((dst = nni_alloc(len)) != NULL) {
+		memcpy(dst, src, len);
+	}
+	return (dst);
+#endif
+}
+
+void
+nni_strfree(char *s)
+{
+	if (s != NULL) {
+#ifdef NNG_HAVE_STRDUP
+		free(s);
+#else
+		nni_free(s, strlen(s) + 1);
+#endif
+	}
+}
+
+size_t
+nni_strlcpy(char *dst, const char *src, size_t len)
+{
+#ifdef NNG_HAVE_STRLCPY
+	return (strlcpy(dst, src, len));
+#else
+	size_t n;
+	char   c;
+
+	n = 0;
+	do {
+		c = *src++;
+		n++;
+		if (n < len) {
+			*dst++ = c;
+		} else if (n == len) {
+			*dst = '\0';
+		}
+	} while (c);
+	return (n - 1);
+#endif
+}
+
+size_t
+nni_strlcat(char *dst, const char *src, size_t len)
+{
+#ifdef NNG_HAVE_STRLCAT
+	return (strlcat(dst, src, len));
+#else
+	size_t n;
+	char   c;
+
+	n = 0;
+	while ((*dst != '\0') && (n < len)) {
+		n++;
+		dst++;
+	}
+
+	do {
+		c = *src++;
+		n++;
+		if (n < len) {
+			*dst++ = c;
+		} else if (n == len) {
+			*dst = '\0';
+		}
+	} while (c);
+
+	return (n - 1);
+#endif
+}
diff --git a/src/core/strs.h b/src/core/strs.h
new file mode 100644
index 00000000..741504cd
--- /dev/null
+++ b/src/core/strs.h
@@ -0,0 +1,21 @@
+//
+// Copyright 2017 Garrett D'Amore <garrett@damore.org>
+// Copyright 2017 Capitar IT Group BV <info@capitar.com>
+//
+// This software is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+#ifndef CORE_STRS_H
+#define CORE_STRS_H
+
+// Safe string functions, in case the platform misses these.
+
+extern char * nni_strdup(const char *);
+extern void   nni_strfree(char *);
+extern size_t nni_strlcpy(char *, const char *, size_t);
+extern size_t nni_strlcat(char *, const char *, size_t);
+
+#endif // CORE_STRS_H
diff --git a/src/core/transport.c b/src/core/transport.c
index 3130ae26..eead861b 100644
--- a/src/core/transport.c
+++ b/src/core/transport.c
@@ -34,6 +34,7 @@ nni_tran_register(const nni_tran *tran)
 {
 	nni_transport *t;
 	int            rv;
+	size_t         sz;
 
 	// Its entirely possible that we are called before any sockets
 	// are opened.  Make sure we are initialized.  This has to be
@@ -56,12 +57,18 @@ nni_tran_register(const nni_tran *tran)
 		}
 	}
 	if ((t = NNI_ALLOC_STRUCT(t)) == NULL) {
+		nni_mtx_unlock(&nni_tran_lk);
 		return (NNG_ENOMEM);
 	}
 
 	t->t_tran = *tran;
-	(void) snprintf(
-	    t->t_prefix, sizeof(t->t_prefix), "%s://", tran->tran_scheme);
+	sz        = sizeof(t->t_prefix);
+	if ((nni_strlcpy(t->t_prefix, tran->tran_scheme, sz) >= sz) ||
+	    (nni_strlcat(t->t_prefix, "://", sz) >= sz)) {
+		nni_mtx_unlock(&nni_tran_lk);
+		NNI_FREE_STRUCT(t);
+		return (NNG_EINVAL);
+	}
 	if ((rv = t->t_tran.tran_init()) != 0) {
 		nni_mtx_unlock(&nni_tran_lk);
 		NNI_FREE_STRUCT(t);