nanovms / nanos

A kernel designed to run one and only one application in a virtualized environment
https://nanos.org
Apache License 2.0

Strings: remove unbounded memory access #1995

Closed francescolavra closed 7 months ago

francescolavra commented 7 months ago

This changeset removes the use of string functions that access string memory without a limit (i.e. that rely on the presence of a string terminator to determine the end of a string). Instead, a new string type (sstring) is being defined; this type is a struct that includes a pointer to string memory and the length of the string; use of this type makes it unnecessary to look for the string terminator in order to determine the length of a string, and thus avoids unbounded access to string memory.

C string literals (which by definition are NULL-terminated strings) are still allowed in the kernel code, but they are converted at compile time into sstring types, e.g. by using the ss() macro. Since it is still necessary for the kernel to be able to process NULL-terminated strings (for example, strings read by drivers from peripheral memory), the sstring_from_cstring() function is being defined: this function takes a memory pointer and a maximum length value, and returns an sstring built by parsing the memory (up to the maximum length) looking for the string terminator (if no terminator is found, the returned string length is the maximum length).

The "%s" format specifier in printf-style functions now takes an sstring argument instead of a char *; the name field has been removed from closure structs, and the function handling the "%F" format specifier has been changed to retrieve a closure name from the kernel symbol table.

Requires https://github.com/nanovms/lwip/pull/11 and https://github.com/nanovms/mbedtls/pull/3
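The pointer-plus-length string type and the bounded conversion described above, as an added illustration that is not the nanos implementation: the `sstring` struct, `ss()` macro, `sstring_from_cstring()` and `sstring_equal()` below are hypothetical reconstructions named after the PR's description, and the unterminated device field is constructed sample input.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sstring: a pointer plus an explicit length, so no function
   operating on it ever needs to scan for a terminator. */
typedef struct sstring {
    const char *ptr;
    size_t len;
} sstring;

/* ss(): turn a C string literal into an sstring at compile time.
   sizeof(lit) counts the trailing NUL, hence the -1. */
#define ss(lit) ((sstring){ .ptr = (lit), .len = sizeof(lit) - 1 })

/* Bounded conversion of possibly-unterminated memory (e.g. a field read by a
   driver from peripheral memory): scan at most maxlen bytes for a NUL and
   never read past p + maxlen. If no terminator is found, len == maxlen. */
sstring sstring_from_cstring(const char *p, size_t maxlen)
{
    size_t n = 0;
    while (n < maxlen && p[n] != '\0')
        n++;
    return (sstring){ .ptr = p, .len = n };
}

/* Length-based comparison: no strcmp(), so no reliance on a terminator. */
bool sstring_equal(sstring a, sstring b)
{
    return a.len == b.len && memcmp(a.ptr, b.ptr, a.len) == 0;
}

/* What a "%s" that takes an sstring does: write exactly len bytes. */
size_t sstring_write(FILE *out, sstring s)
{
    return fwrite(s.ptr, 1, s.len, out);
}

/* Constructed sample: an 8-byte device name field with NO terminating NUL,
   the case where strlen() would read off the end of the buffer. */
const char device_field[8] = { 'v', 'i', 'r', 't', 'i', 'o', '-', 'n' };

int main(void)
{
    sstring name = sstring_from_cstring(device_field, sizeof(device_field));
    sstring_write(stdout, name);          /* prints "virtio-n", reads 8 bytes */
    putchar('\n');
    return sstring_equal(name, ss("virtio-n")) ? 0 : 1;
}
```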