Netstrings
D. J. Bernstein, djb@pobox.com
19970201


1. Introduction

   A netstring is a self-delimiting encoding of a string. Netstrings are
   very easy to generate and to parse. Any string may be encoded as a
   netstring; there are no restrictions on length or on allowed bytes.
   Another virtue of a netstring is that it declares the string size up
   front. Thus an application can check in advance whether it has enough
   space to store the entire string.

   Netstrings may be used as a basic building block for reliable network
   protocols. Most high-level protocols, in effect, transmit a sequence
   of strings; those strings may be encoded as netstrings and then
   concatenated into a sequence of characters, which in turn may be
   transmitted over a reliable stream protocol such as TCP.

   Note that netstrings can be used recursively. The result of encoding
   a sequence of strings is a single string. A series of those encoded
   strings may in turn be encoded into a single string. And so on.

   In this document, a string of 8-bit bytes may be written in two
   different forms: as a series of hexadecimal numbers between angle
   brackets, or as a sequence of ASCII characters between double quotes.
   For example, <68 65 6c 6c 6f 20 77 6f 72 6c 64 21> is a string of
   length 12; it is the same as the string "hello world!".

   Although this document restricts attention to strings of 8-bit bytes,
   netstrings could be used with any 6-bit-or-larger character set.


2. Definition

   Any string of 8-bit bytes may be encoded as [len]":"[string]",".
   Here [string] is the string and [len] is a nonempty sequence of ASCII
   digits giving the length of [string] in decimal. The ASCII digits are
   <30> for 0, <31> for 1, and so on up through <39> for 9. Extra zeros
   at the front of [len] are prohibited: [len] begins with <30> exactly
   when [string] is empty.

   For example, the string "hello world!" is encoded as <31 32 3a 68
   65 6c 6c 6f 20 77 6f 72 6c 64 21 2c>, i.e., "12:hello world!,". The
   empty string is encoded as "0:,".

   [len]":"[string]"," is called a netstring. [string] is called the
   interpretation of the netstring.


3. Sample code

   The following C code starts with a buffer buf of length len and
   prints it as a netstring.

      if (printf("%lu:",len) < 0) barf();
      if (fwrite(buf,1,len,stdout) < len) barf();
      if (putchar(',') < 0) barf();

   The following C code reads a netstring and decodes it into a
   dynamically allocated buffer buf of length len.

      if (scanf("%9lu",&len) < 1) barf();  /* >999999999 bytes is bad */
      if (getchar() != ':') barf();
      buf = malloc(len + 1);       /* malloc(0) is not portable */
      if (!buf) barf();
      if (fread(buf,1,len,stdin) < len) barf();
      if (getchar() != ',') barf();

   Both of these code fragments assume that the local character set is
   ASCII, and that the relevant stdio streams are in binary mode.


4. Security considerations

   The famous Finger security hole may be blamed on Finger's use of the
   CRLF encoding. In that encoding, each string is simply terminated by
   CRLF. This encoding has several problems. Most importantly, it does
   not declare the string size in advance. This means that a correct
   CRLF parser must be prepared to ask for more and more memory as it is
   reading the string. In the case of Finger, a lazy implementor found
   this to be too much trouble; instead he simply declared a fixed-size
   buffer and used C's gets() function. The rest is history.

   In contrast, as the above sample code shows, it is very easy to
   handle netstrings without risking buffer overflow. Thus widespread
   use of netstrings may improve network security.